General

  • Target: file.exe
  • Size: 1.9MB
  • Sample: 221118-q3h1wshe23
  • MD5: 0a774d7c64a51e2234f7436fe4056bbd
  • SHA1: 54d4364d6ce9e8710d45556b71656952ffbd0504
  • SHA256: c9363a4f693b55889075ea84a2cabd510d2d55ade0f4fb0684ff6de50fd2388f
  • SHA512: 8f6e8f7f19d6431c8d5f400bd8e160603661e78900893bac9b9f67c8bc7bb599bd3028dc6fe956d877a9e9a7511f2ef7c8f9ec26ed2088492da06cb29768fd8f
  • SSDEEP: 49152:q2i7k8zPxeE5esShYdsR+BWwWQ4mfJ+HF64Nan4oZVyHfRx7Pq2:ri7tEE5es4a5Wx++khSPD

Score: 10/10

Malware Config

Extracted

Family: nymaim

C2:

  • 45.139.105.171
  • 85.31.46.167

Targets

    Score: 10/10

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6
