General

  • Target

    file.exe

  • Size

    2.1MB

  • Sample

    221118-pp2qeadc3t

  • MD5

    64d07a47258c462b458ad42d7e5cd20f

  • SHA1

    ee6631038b318ab6cc95a83b439301ef7a8f1e81

  • SHA256

    fbf880d7a9de8d0fb0a346dc084dce11d55e6e263012d66e6938ab7d81074113

  • SHA512

    781f385b03e41701bff31614e97d0db7012ab01656851189643e117e5fe2397861267bae980a84a96845d3df0fbc54f8d289eaa19b86275db21cec37f1b0a089

  • SSDEEP

    49152:q21d5f1Y8Ah2rFstRbGnpqsL/jjrpAiZCUAyHfRx7Pq2:rj5tXJrGCnUsbrmd8PD

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
