General

  • Target

    file.exe

  • Size

    2.0MB

  • Sample

    221118-tqsaksdg2t

  • MD5

    fbee7b984cf9a26276be5b414e815b16

  • SHA1

    7a3158bfeb7e31050ae756c13ad177bfc25b9b57

  • SHA256

    37e18b20c6b01d73f451a5a39bca50176254805351958d3e7cdf3342f9906fbd

  • SHA512

    97242f3012b3174b30431fecf7e0a39be34225c9c46a40aad0532a99235a6edd918b2214e8e16abf1264654faa6a77e49b08cacdc71bebc63e8b651037bb82ab

  • SSDEEP

    49152:q2pLx8/NGi3pYycL/x+HznSNzq46P2hImDKUr8bAqyHfRx7Pq2:rY1Gi3NmS7SNzq/PWIing8PD

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks