General

  • Target

    file.exe

  • Size

    221KB

  • Sample

    221003-hsnjmacda7

  • MD5

    811fa27a6e376b8f79abf5a483fa626a

  • SHA1

    0bc1893901f7d815c99f84b6d6026fc902f2926a

  • SHA256

    d2deaae72a5f7ef69dd3e8b0cc2d3cff7cd2b75cc5010a7c48712cc2ee1ed328

  • SHA512

    48591d673ac0a2c6825fdabd472dc6ff559e3dacd8f61c20d54b84a963550b4f3e0d96cc8793249fe605f09aed088eca5301ea5ad8a184e30db3a21fb829dfb4

  • SSDEEP

    3072:jhZmqORjkaK7C/aQThJ/HXjAxsM590j/sPJ6ZQu/CmDEwPg:jWP/aQNlTw159wFc

Score
10/10

Malware Config

Extracted

  • Family

    nymaim

  • C2

    208.67.104.97
    85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    Query Registry (T1012): 1
    System Information Discovery (T1082): 2

  • Command and Control

    Web Service (T1102): 1
