General

  • Target

    file.exe

  • Size

    2.0MB

  • Sample

    221119-cf5dqahc68

  • MD5

    81db7e2d8d65ea5b32ae2cfe4a9e7886

  • SHA1

    7e4ac0444b1d5d1ce3ddadc72c1d7a1bca7f9494

  • SHA256

    f9308708d5cb09ac7558ff7a7dadf9607d0f9122118e6ebedf82c1faf2886b85

  • SHA512

    643e7f8b92fcbf3a1ed03a22e0fdbc479563c8fa3a8e0a6307df858b8347dfe0c2772b4a62f36ec53962fb51a75c7434031ca62cf5fe4a189a74f1639dacef17

  • SSDEEP

    49152:q2+a8MtKKy/rVWuJCYgrAUMHBs8Dr5ZuoU/XX8JOyHfRx7Pq2:r+dZ/rVWuJg8U+D+oU/n8lPD

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
