Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
d40e885372f07f3cb35ebbc99ac3dbba5d0f34c6ad58d461dbf37505be04d67d.exe
-
Size
2.5MB
-
Sample
221104-vt9jpshbb8
-
MD5
0b574da38976aa6e63c774d3dd07af18
-
SHA1
1550f2775795e0f1eefcb431fc1651be8c17375e
-
SHA256
d40e885372f07f3cb35ebbc99ac3dbba5d0f34c6ad58d461dbf37505be04d67d
-
SHA512
14744f9d075e5509780dc318607c90bc6b36c9cf2f9b0c5d62bd15f49746e01db90339b9d622093a72d4b96e14452901a6dca0ed39a779fd0bec3b8137418134
-
SSDEEP
49152:Z2ymeb9E9Rhh6Nxil9cw7lvSK+3Um/2F496Zix1ONApK3t9+U5in8zA5hq:MGUfq2dlK3UBFC6QpKv+UwzDq
Malware Config
Extracted
nymaim
45.139.105.171
85.31.46.167
Targets
-
-
Target
d40e885372f07f3cb35ebbc99ac3dbba5d0f34c6ad58d461dbf37505be04d67d.exe
-
Size
2.5MB
-
MD5
0b574da38976aa6e63c774d3dd07af18
-
SHA1
1550f2775795e0f1eefcb431fc1651be8c17375e
-
SHA256
d40e885372f07f3cb35ebbc99ac3dbba5d0f34c6ad58d461dbf37505be04d67d
-
SHA512
14744f9d075e5509780dc318607c90bc6b36c9cf2f9b0c5d62bd15f49746e01db90339b9d622093a72d4b96e14452901a6dca0ed39a779fd0bec3b8137418134
-
SSDEEP
49152:Z2ymeb9E9Rhh6Nxil9cw7lvSK+3Um/2F496Zix1ONApK3t9+U5in8zA5hq:MGUfq2dlK3UBFC6QpKv+UwzDq
Score10/10-
NyMaim
NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-