General

  • Target

    file.exe

  • Size

    2.0MB

  • Sample

    221119-avl5ksaf71

  • MD5

    0ff7f9813be914c884445e869ab88d1a

  • SHA1

    53af1dad11f94b3192ba035911df23f4e2c57d11

  • SHA256

    70b1ac441b927d1d19ec61a59b71ff9c4f8f8a7b43bc32cfc70a19fae9b4689d

  • SHA512

    bb44d11412fc682b540ef9601b6389d96975cdc53bb00de545576bbbb043defa4ce0ccb214a596bbf622e609e250722f513902e2a9615e1235f9f0941283fd9c

  • SSDEEP

    49152:q2G3+NOfJm/tRbV4lQKC5GA6XRaqN2dDg4pLd4yHfRx7Pq2:rmXfJmlRqlQKC5G9XRd+DgKpPD

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks