General

  • Target

    2f5b19f3196cf8903daa3de2163e56bc.exe

  • Size

    369KB

  • Sample

    220621-m8jmtsfdd6

  • MD5

    2f5b19f3196cf8903daa3de2163e56bc

  • SHA1

    ddff7f0771687bb3632da27c7e46dcd7ef167e2e

  • SHA256

    81a110de18613503c0f3075da56cdbe363091cebcd8c52423ac1d63aa791bb22

  • SHA512

    ba1951fbc6c18d6fe247d2e5269156db8619f483b1d5796b1f084bb92e760cbe9b233e11c688919b3580e8853baede4b3bdb1c848eb23c20afa3a753f927b8d2

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

37.0.8.39

31.210.20.149

212.192.241.16

Targets

    • Target

      2f5b19f3196cf8903daa3de2163e56bc.exe

    • Size

      369KB

    • MD5

      2f5b19f3196cf8903daa3de2163e56bc

    • SHA1

      ddff7f0771687bb3632da27c7e46dcd7ef167e2e

    • SHA256

      81a110de18613503c0f3075da56cdbe363091cebcd8c52423ac1d63aa791bb22

    • SHA512

      ba1951fbc6c18d6fe247d2e5269156db8619f483b1d5796b1f084bb92e760cbe9b233e11c688919b3580e8853baede4b3bdb1c848eb23c20afa3a753f927b8d2

    Score
    10/10
    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Tasks