General

  • Target

    file.exe

  • Size

    2.1MB

  • Sample

    221118-rk5bvahe66

  • MD5

    d0b27b2c14bf324c5d9a3503f06c9237

  • SHA1

    0f349b1a46d0933c0bdeef0ea8554de748a350da

  • SHA256

    0fbd8fe0b0fa6896c99bf44d3726d4dcd0ed1fba7669e928a54431728bfd8dca

  • SHA512

    9ae5cbadec9f39574c60a996ca692a1d8932af9ca84e2bca316c6301be1adbeb1c644f03e3e4f06c3bf18c611500cf49fe79da1019652ef421329c74faab65c0

  • SSDEEP

    49152:q2aUuX+4Af82YRgOCIq5M9C+WAPBoyXSBOpSterj2cnc0AhhuSNonxibyHfRx7PD:r5AmGSOCL5+PGybpdrjPc0AqS2ximPD

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167
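The hashes and C2 addresses above are the report's actionable indicators. As an added example (not part of the report or of any sandbox's tooling), the following Python script matches them against a constructed file-hash inventory and a constructed firewall log; the log format, field order and every sample row are assumptions made here, and the decoy address 145.139.105.171 is included to show that destinations are compared as whole tokens rather than by substring.

```python
"""Match the report's file hashes and C2 addresses against host and network logs."""
import csv
import io
import re

# Indicators taken from the report above.
IOC_HASHES = {
    "d0b27b2c14bf324c5d9a3503f06c9237",                                  # MD5
    "0f349b1a46d0933c0bdeef0ea8554de748a350da",                          # SHA1
    "0fbd8fe0b0fa6896c99bf44d3726d4dcd0ed1fba7669e928a54431728bfd8dca",  # SHA256
}
IOC_C2 = {"45.139.105.171", "85.31.46.167"}

# Constructed sample input (not from the report): a hash inventory as CSV with
# columns path,algorithm,digest. One digest is upper-case to exercise normalisation.
FILE_INVENTORY = """\
path,algorithm,digest
C:\\Windows\\System32\\notepad.exe,sha256,0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
C:\\Users\\user\\Downloads\\file.exe,sha256,0FBD8FE0B0FA6896C99BF44D3726D4DCD0ED1FBA7669E928A54431728BFD8DCA
C:\\Users\\user\\AppData\\Local\\Temp\\x.tmp,md5,d0b27b2c14bf324c5d9a3503f06c9237
"""

# Constructed firewall log (assumed format): timestamp src dst dport proto.
# The third line is a decoy whose address merely contains a C2 IP as a substring.
FIREWALL_LOG = """\
2022-11-18T10:01:02Z 10.0.0.5 142.250.74.46 443 tcp
2022-11-18T10:01:07Z 10.0.0.5 45.139.105.171 80 tcp
2022-11-18T10:01:09Z 10.0.0.5 145.139.105.171 80 tcp
2022-11-18T10:02:15Z 10.0.0.7 85.31.46.167 443 tcp
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s+(?P<proto>\S+)$"
)


def match_hashes(inventory_csv):
    """Return (path, algorithm) for every inventory row whose digest is a report IOC.

    Digests are lower-cased before lookup so upper-case hex from other tools still matches.
    """
    hits = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if row["digest"].strip().lower() in IOC_HASHES:
            hits.append((row["path"], row["algorithm"]))
    return hits


def match_c2(log_text):
    """Return (timestamp, src, dst) for every connection to a report C2 address.

    The destination is compared as a whole field, so 145.139.105.171 does not match
    the indicator 45.139.105.171. Lines that do not fit the expected format are skipped.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m["dst"] in IOC_C2:
            hits.append((m["ts"], m["src"], m["dst"]))
    return hits


if __name__ == "__main__":
    for path, algo in match_hashes(FILE_INVENTORY):
        print(f"hash hit: {path} ({algo})")
    for ts, src, dst in match_c2(FIREWALL_LOG):
        print(f"c2 hit: {ts} {src} -> {dst}")
```

Exact hash matches only catch this build; the SSDEEP digest above is what you would use to hunt for repacked variants, and that needs the ssdeep library rather than plain set membership.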

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is a malware family with a range of capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
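The four behaviours listed above are what a sandbox derives from the process trace rather than from the file itself. As an added example (not part of the report or of any sandbox's detection code), the following Python script applies equivalent rules to a constructed sandbox-style event trace: it correlates file writes with later process creation and image loads to flag dropped EXEs and DLLs, and it matches registry operations against the Uninstall key and a locale key. The exact registry value behind "Checks computer location settings" (HKCU\Control Panel\International\Geo\Nation) is an assumption made here, as are the event format and every sample event.

```python
"""Evaluate the report's behavioural signatures against a process event trace."""
from collections import defaultdict

# Constructed sandbox-style trace (not from the report). Each event is
# (pid, operation, target); operation names loosely follow the Win32 API.
# Note the mixed-case path in the CreateProcess event and the DLL that is
# loaded without ever having been written by a traced process.
EVENTS = [
    (1001, "CreateFile",    r"C:\Users\user\AppData\Local\Temp\abc.exe"),
    (1001, "CreateFile",    r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    (1001, "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    (1001, "RegEnumKey",    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    (1001, "RegQueryValue", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
    (1001, "CreateProcess", r"C:\Users\user\appdata\local\temp\ABC.EXE"),
    (1002, "LoadImage",     r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    (1002, "LoadImage",     r"C:\Windows\System32\kernel32.dll"),
    (1002, "LoadImage",     r"C:\Users\user\AppData\Local\Temp\never_dropped.dll"),
]

# Registry paths behind the two "Checks ..." signatures. Geo\Nation is an assumption
# about which value the sandbox keys on; the report only says "country code
# configured in the registry". Compared case-insensitively.
GEO_KEY_SUFFIX = r"\control panel\international\geo\nation"
UNINSTALL_MARKER = r"\currentversion\uninstall"


def _norm(path):
    """Windows paths and registry keys are case-insensitive; compare in lower case."""
    return path.lower()


def evaluate(events):
    """Return {signature_name: [evidence, ...]} for every signature that fired.

    Events are processed in order, so a file counts as "dropped" only if a
    CreateFile for the same path was seen earlier in the trace (by any process).
    """
    dropped = set()          # normalised paths written by traced processes so far
    hits = defaultdict(list)
    for pid, op, target in events:
        t = _norm(target)
        if op == "CreateFile":
            dropped.add(t)
        elif op == "CreateProcess" and t in dropped:
            hits["Executes dropped EXE"].append(target)
        elif op == "LoadImage" and t in dropped:
            hits["Loads dropped DLL"].append(target)
        elif op.startswith("Reg"):
            if t.endswith(GEO_KEY_SUFFIX):
                hits["Checks computer location settings"].append(target)
            if UNINSTALL_MARKER in t:
                hits["Checks installed software on the system"].append(target)
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in evaluate(EVENTS).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

On their own, the two registry checks are weak signals (installers and inventory agents read the Uninstall key all the time); they carry weight here because they occur in the same process that also drops and executes a new binary, which is why the report scores the combination rather than any single behaviour.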
