General

  • Target

    file

  • Size

    2.0MB

  • Sample

    221118-18t1fsag76

  • MD5

    e9294d745cd1376344b00c80fa5cfb2f

  • SHA1

    0842d32abf75cf1ee6231be53f52f126ea9d4813

  • SHA256

    ec479b888f305f2d4ab4c79167e0108ad473be3ad580297b2c1201292373b5df

  • SHA512

    9ee9232439da6479761a592595869800afa49b66d1d142d2422e8fae2157714ae63c0fc3a8daade1123bf2af6766432e86f4f1c044f0f6be6905ac06cd9451ca

  • SSDEEP

    49152:q2uZezAjfyLnTDn7ZN1fZ3jxzBwmFu5JSc1yHfRx7Pq2:ruczAsTfFfZ3pBwmuHSc0PD

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167
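The hashes and C2 addresses above are the indicators a defender takes away from this report. The following is an added example, not part of the sandbox report or its tooling: it checks a file's digests against the four hashes listed for this sample and scans log lines for connections to the two C2 addresses. The indicator values are copied from the report; the file bytes and the firewall/proxy log lines are constructed for the demonstration, and the log format is an assumption (any line-oriented log containing dotted-quad addresses works). SSDEEP is deliberately left out because fuzzy-hash comparison needs the non-standard ssdeep library.

```python
"""Match a file and log lines against the IOCs from this report.

Added example, not the report's own code. Indicator values are taken from the
report above; sample bytes and log lines are constructed for the demonstration.
"""
import hashlib
import re

# Hashes of the analysed sample, as listed in the report.
FILE_HASHES = {
    "md5": "e9294d745cd1376344b00c80fa5cfb2f",
    "sha1": "0842d32abf75cf1ee6231be53f52f126ea9d4813",
    "sha256": "ec479b888f305f2d4ab4c79167e0108ad473be3ad580297b2c1201292373b5df",
    "sha512": (
        "9ee9232439da6479761a592595869800afa49b66d1d142d2422e8fae2157714a"
        "e63c0fc3a8daade1123bf2af6766432e86f4f1c044f0f6be6905ac06cd9451ca"
    ),
}

# C2 addresses extracted from the nymaim config, as listed in the report.
C2_ADDRESSES = {"45.139.105.171", "85.31.46.167"}

# Dotted quad that is not embedded in a longer dotted/numeric token, so that
# 145.139.105.171 or 85.31.46.1671 do not produce a false hit on a C2 address.
IP_RE = re.compile(r"(?<![\d.])((?:\d{1,3}\.){3}\d{1,3})(?![\d.])")


def hash_bytes(data: bytes) -> dict:
    """Compute every digest type the report lists for the given file bytes."""
    return {name: hashlib.new(name, data).hexdigest() for name in FILE_HASHES}


def match_hashes(data: bytes) -> dict:
    """Map each algorithm name to whether the computed digest equals the report's."""
    computed = hash_bytes(data)
    return {name: computed[name] == expected for name, expected in FILE_HASHES.items()}


def is_reported_sample(data: bytes) -> bool:
    """Treat the file as this sample only on a SHA-256 match.

    MD5 and SHA-1 are kept for cross-referencing other reports, but a match on
    them alone is not sufficient because both are collision-prone.
    """
    return match_hashes(data)["sha256"]


def find_c2_hits(log_lines) -> list:
    """Return (line_number, address) for every log line contacting a listed C2."""
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        for ip in IP_RE.findall(line):
            if ip in C2_ADDRESSES:
                hits.append((lineno, ip))
    return hits


# Constructed log lines (not from the report). Lines 3 and 5 contain look-alike
# addresses that share digits with the C2s but must not match.
SAMPLE_LOG = [
    "2022-11-18T10:01:02Z fw allow src=10.0.0.5 dst=8.8.8.8 dport=53",
    "2022-11-18T10:01:09Z fw allow src=10.0.0.5 dst=45.139.105.171 dport=80",
    "2022-11-18T10:01:11Z fw allow src=10.0.0.5 dst=145.139.105.171 dport=80",
    "2022-11-18T10:02:30Z proxy GET http://85.31.46.167/ 200",
    "2022-11-18T10:02:31Z fw deny src=10.0.0.5 dst=85.31.46.1671 dport=443",
]

if __name__ == "__main__":
    # Constructed stand-in for a suspect file; it is not the real sample, so no
    # digest matches and is_reported_sample() returns False.
    suspect = b"MZ\x90\x00constructed placeholder, not the real sample"
    print("hash matches:", match_hashes(suspect))
    print("is reported sample:", is_reported_sample(suspect))
    print("C2 hits:", find_c2_hits(SAMPLE_LOG))
```

To use this on a real file, pass its bytes to `is_reported_sample()` and feed the lines of a firewall or proxy export to `find_c2_hits()`. A hit on either C2 address warrants pulling the connecting host for triage even if the hash check is negative, since the sample may have been repacked.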

Targets

    • Target

      file

    • Size

      2.0MB

    • MD5

      e9294d745cd1376344b00c80fa5cfb2f

    • SHA1

      0842d32abf75cf1ee6231be53f52f126ea9d4813

    • SHA256

      ec479b888f305f2d4ab4c79167e0108ad473be3ad580297b2c1201292373b5df

    • SHA512

      9ee9232439da6479761a592595869800afa49b66d1d142d2422e8fae2157714ae63c0fc3a8daade1123bf2af6766432e86f4f1c044f0f6be6905ac06cd9451ca

    • SSDEEP

      49152:q2uZezAjfyLnTDn7ZN1fZ3jxzBwmFu5JSc1yHfRx7Pq2:ruczAsTfFfZ3pBwmuHSc0PD

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with a range of capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
