General

  • Target

    file.exe

  • Size

    2.0MB

  • Sample

    221118-n7fefshc66

  • MD5

    a2778a2220f14c8bbaa4f8a225337ed1

  • SHA1

    d477ab164f97585ee2ad4813480ef7770d065faa

  • SHA256

    10b37fabd4ec4549b39bf71ccdbcf05ff73650bced11ac9ac0be062adcaf0890

  • SHA512

    eda970f5ed5c3cf6426ab0144e63087451f9e3d7e0435c2b5b160ae7583dc06cb8c55fcc89f8720de967f3df37f9f4fc2ed0584ec1afb73eabced7e43d74874b

  • SSDEEP

    49152:q2S9i96pTasey1RixEvkfB6gsLmhaigLXkku6vRPYHXyHfRx7Pq2:rSIwpFaEv8snLXAwPACPD

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
