General

  • Target

    file.exe

  • Size

    284KB

  • Sample

    220925-c3kmtschc5

  • MD5

    5391b4af9517ae14559622fd6e290e8b

  • SHA1

    c1e6b45da475cb365eca384eefa25313c3b03f1e

  • SHA256

    609e593e52b4d889ce2aac6834f06ce62e82649b1a49d5e1c1a9cda11d1f5e80

  • SHA512

    e3ee994dc59b5222c4b024ac0837b17b1f5d9e21e55d0dd5cc7eabd1ed909156440a21363260fa13fc6c7894f6f4e23957e12b491ef904bf842407b07d743d6e

  • SSDEEP

    6144:GLaLHUStoPnhilzmlP1cUvxSKLu0kS0E:GuLzwnclzmlP+ZCz0

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • Target

      file.exe

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (1 hit) - T1012

    System Information Discovery (2 hits) - T1082

  • Command and Control

    Web Service (1 hit) - T1102

Tasks