General

  • Target

    file.exe

  • Size

    2.1MB

  • Sample

    221118-qsyzcshd79

  • MD5

    d3c7feec9ec9d7ff5294f969f7f96aba

  • SHA1

    9aa4a82f8df241e1b36a00411973ef7dc28fd02d

  • SHA256

    6161db35967129634349a86fb1f01d97423fb547be26913db5a14b3bbed18da9

  • SHA512

    e547490147bb8e4b2e3d536192d707c7b0276cc1d0d29b886d5c26957c89d497254c2a40743d667372c6e1fdbfa8a9c73da89299516c0e60aaf71db576d9202a

  • SSDEEP

    49152:q2vTZmRmbcpAbrM+331kpv2GmstW3QCNLgE90yHfRx7Pq2:r1mRruVpGVnCN081PD

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks