
General

  • Target

    file.exe

  • Size

    1.9MB

  • Sample

    230108-m443zagg6v

  • MD5

    bf1607f8b62108ee051a66be99976470

  • SHA1

    51ac56c782753086a0ac96f66a57842ad4635fff

  • SHA256

    bcc36cf04e425f78fd84739510c01105b95accf91dc4495bf896176ce5fb9ab3

  • SHA512

    5e7a6220229da9d2bdb78ee6df88c93cfbcb06cdcad26323a482a9b510e23939c31202dbe4f6e8c803a24b6ea056b27fba5674e144327f8fed27dda86c80960f

  • SSDEEP

    49152:y2+edFbQlqQkTmIYgM8TQc34XdvYY3Nr73Q9I/m/WahOVLH:jjdKcKNg/J2dvT93C/JhOVLH

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013; it is most often used as a downloader that fetches and runs additional payloads.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain regions).

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
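The two registry signatures and the extracted C2 list above are the parts of this report a detection engineer would turn into a check. The following is an added example, not code from the tria.ge report or from the NyMaim analysis: it scans a constructed, simplified API-trace (one `<pid> <api>(<args>)` call per line, imitating what a sandbox API monitor records) and flags the geofence lookup, the Uninstall-key enumeration and contact with either C2 address. The report names only the behaviours, not the keys, so the registry paths `Control Panel\International\Geo\Nation` and `SOFTWARE\...\CurrentVersion\Uninstall` are this example's assumptions, as is the trace format itself.

```python
"""Added example: match this report's behavioural signatures and C2 indicators
against a constructed API trace. Not part of the tria.ge report."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# C2 addresses taken from the "Malware Config" section of the report above.
NYMAIM_C2 = {"45.139.105.171", "85.31.46.167"}

# Registry paths ASSUMED for the two signatures (the report names the behaviour only).
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_RE = re.compile(
    r"\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I
)

# Hypothetical trace format: "<pid> <api>(<args>)", one call per line.
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")

# Constructed sample trace (not captured from the real sample).
SAMPLE_TRACE = [
    r"1234 CreateProcessW(C:\Users\Admin\AppData\Local\Temp\file.exe)",
    r"1234 RegOpenKeyExW(HKEY_CURRENT_USER\Control Panel\International\Geo)",
    r"1234 RegQueryValueExW(HKEY_CURRENT_USER\Control Panel\International\Geo\Nation)",
    r"1234 RegOpenKeyExW(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall)",
    r"1234 RegEnumKeyExW(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip)",
    r"1234 RegEnumKeyExW(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome)",
    r"1234 RegQueryValueExW(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName)",
    r"1234 RegQueryValueExW(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive)",
    r"1234 connect(45.139.105.171:80)",
    r"1234 connect(8.8.8.8:53)",
]


@dataclass
class Findings:
    geofence_lookup: bool = False          # read of the Geo\Nation value
    uninstall_enumerations: int = 0        # RegEnumKeyEx calls under the Uninstall key
    c2_contacts: list[str] = field(default_factory=list)

    def matched_signatures(self) -> list[str]:
        """Map raw observations onto the report's signature names."""
        sigs = []
        if self.geofence_lookup:
            sigs.append("Checks computer location settings")
        # One subkey read could be a legitimate version check; enumeration of
        # several entries is what the signature describes.
        if self.uninstall_enumerations >= 2:
            sigs.append("Checks installed software on the system")
        if self.c2_contacts:
            sigs.append("nymaim C2 contact")
        return sigs


def scan_trace(lines: list[str]) -> Findings:
    """Walk the trace once and collect the indicators this report documents."""
    found = Findings()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate lines that do not fit the assumed format
        api, args = m["api"], m["args"]
        if api.startswith("RegQueryValueEx") and GEO_NATION_RE.search(args):
            found.geofence_lookup = True
        elif api.startswith("RegEnumKeyEx") and UNINSTALL_RE.search(args):
            found.uninstall_enumerations += 1
        elif api == "connect":
            host = args.rsplit(":", 1)[0]  # strip the port
            if host in NYMAIM_C2:
                found.c2_contacts.append(host)
    return found


if __name__ == "__main__":
    result = scan_trace(SAMPLE_TRACE)
    for sig in result.matched_signatures():
        print(sig)
    print("C2 contacted:", ", ".join(result.c2_contacts) or "none")
```

The match on `RegQueryValueEx` rather than `RegOpenKeyEx` is deliberate: opening the `Geo` key alone is common for benign locale code, while reading `Nation` is the value a geofence actually decides on. The C2 match is exact on the two addresses in the report; in a real pipeline you would feed the same list to network telemetry rather than rely on an API trace.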
