General

  • Target

    file.exe

  • Size

    2.0MB

  • Sample

    221119-bc8fjabe91

  • MD5

    88af9d2bc916cbb1e7e243e64e9afcb8

  • SHA1

    3b142baf8206d7215b3ed4ff1a4c476697fa38bb

  • SHA256

    2d03665fab59c590dbd323a60d22dd3115afb919ee5ec029b74b75a0f6c3ec9c

  • SHA512

    0b8054fb772fcdfbf0aaa9f80120167f3037a9f09d33c4e9daedf96b4b760f764783ab2cfc807e86e8afb29535c76e6561d7504114e74b9c6ec4928a14c0b150

  • SSDEEP

    49152:q2b86mdjenB1hgko3mzGfin6cCQpwd0NuchD6Oc2+hfyHfRx7Pq2:rTyko3mgEv1l62+gPD

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks