General

  • Target

    file.exe

  • Size

    284KB

  • Sample

    220925-ctklgacgh6

  • MD5

    e0663b43a4ddd17bdca98000cca9cbf7

  • SHA1

    36bb48bc564dd672fd3e1a390024e463ff81c48c

  • SHA256

    e8638c41223f671b889dfd47b715053395d0ed4c5cae4690a1efd8ad73285545

  • SHA512

    13dc899e129a16242b9c1c75869cafda10502ddecfd241cbc7d4015e6de91d5a998a51f99984b6a6ac833c9f60dab8e2e6b457abe57f292e672a3b748b96e446

  • SSDEEP

    3072:wt2AIALOjEjz5N5Dpzd/Ox95/jV/7RdMgq92lvKYDYGOULHqsOUAjs9+J1sYPNq1:kLzjRxEXdV/rbyGXYGOUVOUAjskqYP

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      284KB

    • MD5

      e0663b43a4ddd17bdca98000cca9cbf7

    • SHA1

      36bb48bc564dd672fd3e1a390024e463ff81c48c

    • SHA256

      e8638c41223f671b889dfd47b715053395d0ed4c5cae4690a1efd8ad73285545

    • SHA512

      13dc899e129a16242b9c1c75869cafda10502ddecfd241cbc7d4015e6de91d5a998a51f99984b6a6ac833c9f60dab8e2e6b457abe57f292e672a3b748b96e446

    • SSDEEP

      3072:wt2AIALOjEjz5N5Dpzd/Ox95/jV/7RdMgq92lvKYDYGOULHqsOUAjs9+J1sYPNq1:kLzjRxEXdV/rbyGXYGOUVOUAjskqYP

    Score
    10/10
    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix ATT&CK v6

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Command and Control

Web Service

1
T1102

Tasks