General

  • Target

    file.exe

  • Size

    2.3MB

  • Sample

    221217-qsc2wsgf86

  • MD5

    ec616833bf4cb2a01f40730cef04efcd

  • SHA1

    ebca2be25153ef2696fe0037d47219c9c593eddb

  • SHA256

    4911330ebb6477a1c55e87658de922bbc12cadcf8769db69f665f63d6417bbb5

  • SHA512

    72fc2bf15088e731a09c6cd4c71cafc688a644aa598ed8cf27609487d5d46b9076ab5d8590da1d3d473bba4ca783ef37e9546e99e964b1746282f817fd3fac04

  • SSDEEP

    49152:5fCBx0egW+k4/odRfroT9D7syVb8LsSLOVbBDivLlAz:56l+kC4Rfrs9CASkhz

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167
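The extracted configuration above is the actionable part of the report: two C2 addresses and the file hashes from the General section are all an analyst needs to hunt for this sample in network and endpoint telemetry. The script below is an added example, not part of the tria.ge report or of Hatching's tooling: it parses the report text as it appears on this page into a set of indicators and runs them over a Zeek `conn.log` and Sysmon-style process-creation records. The log lines are constructed for the demonstration; the report text is copied from the page.

```python
"""Turn the Triage report above into matchable IOCs and run them over logs.

Added example, not part of the tria.ge report or Hatching's tooling.  REPORT
is the page text; ZEEK_CONN and SYSMON are constructed log lines for the demo.
"""
import ipaddress
import re

# Report text as it appears on the page (General and Malware Config sections).
REPORT = """\
General
  • Target
    file.exe
  • MD5
    ec616833bf4cb2a01f40730cef04efcd
  • SHA1
    ebca2be25153ef2696fe0037d47219c9c593eddb
  • SHA256
    4911330ebb6477a1c55e87658de922bbc12cadcf8769db69f665f63d6417bbb5
Malware Config
Extracted
Family
nymaim
C2
45.139.105.171
85.31.46.167
Targets
"""

# Hex digests are recognised by length: md5 32, sha1 40, sha256 64, sha512 128.
HEX_DIGEST = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64}|[0-9a-f]{128})$")


def parse_report(text):
    """Extract family, C2 addresses and file hashes from the plain-text report."""
    iocs = {"family": None, "c2": set(), "hashes": set()}
    section = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("• ").strip()   # drop bullet and indentation
        if not line:
            continue
        if line in ("Family", "C2"):
            section = line                         # Malware Config sub-section
            continue
        if line == "Targets":
            section = None                         # end of the extracted config
            continue
        if HEX_DIGEST.match(line.lower()):
            iocs["hashes"].add(line.lower())
        elif section == "Family":
            iocs["family"] = line.lower()
        elif section == "C2":
            try:
                iocs["c2"].add(str(ipaddress.ip_address(line)))
            except ValueError:
                pass                               # page lists bare IPs; skip the rest
    return iocs


# Constructed telemetry for the demo: Zeek conn.log columns are
# ts, uid, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto, service.
ZEEK_CONN = """\
1671285601.123\tCAb1xy\t10.0.0.15\t49712\t45.139.105.171\t80\ttcp\thttp
1671285602.456\tCAb2xy\t10.0.0.15\t49713\t142.250.74.110\t443\ttcp\tssl
1671285603.789\tCAb3xy\t10.0.0.22\t50120\t85.31.46.167\t80\ttcp\thttp
"""
SYSMON = """\
EventID=1 Image=C:\\Users\\a\\file.exe Hashes=MD5=EC616833BF4CB2A01F40730CEF04EFCD,SHA256=4911330EBB6477A1C55E87658DE922BBC12CADCF8769DB69F665F63D6417BBB5
EventID=1 Image=C:\\Windows\\System32\\notepad.exe Hashes=MD5=0123456789ABCDEF0123456789ABCDEF
"""


def match_conn(iocs, conn_log):
    """Return (src, dst, dst_port) for every connection to a known C2 address."""
    hits = []
    for line in conn_log.splitlines():
        fields = line.split("\t")
        if len(fields) < 6:
            continue
        if fields[4] in iocs["c2"]:
            hits.append((fields[2], fields[4], fields[5]))
    return hits


def match_hashes(iocs, sysmon_log):
    """Return (algorithm, image path) for every process whose hash is an IOC."""
    hits = []
    for line in sysmon_log.splitlines():
        m = re.search(r"Hashes=(\S+)", line)
        if not m:
            continue
        for part in m.group(1).split(","):
            algo, _, digest = part.partition("=")
            if digest.lower() in iocs["hashes"]:
                img = re.search(r"Image=(\S+)", line)
                hits.append((algo, img.group(1) if img else "?"))
                break                              # one hit per event is enough
    return hits


if __name__ == "__main__":
    iocs = parse_report(REPORT)
    print("family:", iocs["family"], "c2:", sorted(iocs["c2"]))
    print("network hits:", match_conn(iocs, ZEEK_CONN))
    print("endpoint hits:", match_hashes(iocs, SYSMON))
```

Hashes are matched case-insensitively because Sysmon emits them in upper case while the report lists them in lower case; the C2 addresses are normalised through `ipaddress` so that a stray port or URL in a future report's C2 list is skipped rather than silently added as a bogus indicator.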

Targets

    • Target

      file.exe

    (same size and hashes as listed under General above)

    • NyMaim

      NyMaim is a C++ malware family with a range of capabilities, first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing; a geofenced sample may withhold its payload when the analysis machine's locale falls outside the targeted region.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6