General

  • Target

    file.exe

  • Size

    2.0MB

  • Sample

    221118-snfnbsde8s

  • MD5

    92ba75b31452e7928cf4b62e72d80f1f

  • SHA1

    7082540edc7d0a04539d83fbab37bc16de3c9653

  • SHA256

    ff521a2295cb712148de25c289d481479e6523340b9f6995e15a711a3f352702

  • SHA512

    4af4f614b90656ea181564113fe6c7f454cc9a8844f14386be5cad73ea7c7e8f6dfaf29586ff75ab79c032204f3b77a84d36604ffd8d95f51606368f8f722001

  • SSDEEP

    49152:q20wYE6tfInPWr1cj4f74sOwRGyOop9WdnfSaE4mjRIyJUyHfRx7Pq2:rpYE6OPe7fOA0obWxaTRjTLPD

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
