General

  • Target

    file.exe

  • Size

    2.1MB

  • Sample

    221119-cp5e3shf67

  • MD5

    37682791d7627aab0ae5f6c4cac55a22

  • SHA1

    f5b891a4e5cef152f7cdd95efaaf85cbf51988ea

  • SHA256

    f7fe966b2f24daa0534d142fde4c0d9cda077676ffb775bb61e260a1c8d01bff

  • SHA512

    94f49e3604e9a5adb67efb5881dd74390c7bf68f205f3a73afc2ce587e254c2807bbcce8c31e4e4be7397214da84ddde8ed01192f5fd1f8a2415984fe723d7c0

  • SSDEEP

    49152:q2ZZ2AVnktlcUzEhQ6RjZQmuU5vkbG5TbrfhyHfRx7Pq2:rZMonk80Eu6RVQmuUSbq7fQPD

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a C++ malware family with various capabilities, first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
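The report's file hashes and C2 addresses are the indicators a defender would actually search for. The following is an added example, not part of the sandbox report, that turns them into two exact-field checks: one over constructed proxy log lines (destination IP compared as a whole field, so a prefix such as 45.139.105.1 does not match 45.139.105.171), and one over constructed EDR process-start events carrying a SHA256. The log formats, hostnames and timestamps are assumptions made up for the example; only the hashes and IPs come from the report.

```python
import hashlib
import re

# Indicators copied from the sandbox report above (NyMaim, file.exe).
IOC_HASHES = {
    "md5": "37682791d7627aab0ae5f6c4cac55a22",
    "sha1": "f5b891a4e5cef152f7cdd95efaaf85cbf51988ea",
    "sha256": "f7fe966b2f24daa0534d142fde4c0d9cda077676ffb775bb61e260a1c8d01bff",
}
IOC_C2_IPS = {"45.139.105.171", "85.31.46.167"}

# Constructed sample proxy log (not from the report): "<ts> <src> <dst>:<port> <method> <path>".
# The last line is a near-miss destination to show that field matching, not substring search, is used.
PROXY_LOG = """\
2022-11-19T10:01:02Z 10.0.0.12 45.139.105.171:80 POST /
2022-11-19T10:01:05Z 10.0.0.12 142.250.74.46:443 CONNECT -
2022-11-19T10:02:17Z 10.0.0.31 85.31.46.167:80 GET /
2022-11-19T10:02:40Z 10.0.0.31 45.139.105.1:80 GET /
"""

# Constructed EDR process-start events (not from the report): "<ts> host=<h> image=<path> sha256=<hex>".
EDR_EVENTS = "\n".join([
    "2022-11-19T09:59:58Z host=WS01 image=C:\\Users\\a\\Downloads\\file.exe sha256=" + IOC_HASHES["sha256"],
    "2022-11-19T10:00:03Z host=WS02 image=C:\\Windows\\explorer.exe sha256=" + "0" * 64,
])

PROXY_RE = re.compile(r"^(?P<ts>\S+) (?P<src>\S+) (?P<dst>[0-9.]+):(?P<port>\d+) ")
EDR_RE = re.compile(r"host=(?P<host>\S+) .*sha256=(?P<sha256>[0-9a-f]{64})")


def hashes_of(data: bytes) -> dict:
    """Compute the same three digests the report lists, so a local file can be compared."""
    return {name: hashlib.new(name, data).hexdigest() for name in IOC_HASHES}


def file_matches_ioc(data: bytes) -> bool:
    """True if the bytes are the reported sample (SHA256 is the authoritative comparison)."""
    return hashes_of(data)["sha256"] == IOC_HASHES["sha256"]


def scan_proxy_log(text: str) -> list:
    """Return (timestamp, source, destination) for every line whose destination IP is a reported C2."""
    hits = []
    for line in text.splitlines():
        m = PROXY_RE.match(line)
        if m and m.group("dst") in IOC_C2_IPS:
            hits.append((m.group("ts"), m.group("src"), m.group("dst")))
    return hits


def scan_edr_events(text: str) -> list:
    """Return the hosts on which a process with the reported SHA256 was started."""
    hosts = []
    for line in text.splitlines():
        m = EDR_RE.search(line)
        if m and m.group("sha256") == IOC_HASHES["sha256"]:
            hosts.append(m.group("host"))
    return hosts


if __name__ == "__main__":
    for ts, src, dst in scan_proxy_log(PROXY_LOG):
        print(f"C2 contact: {src} -> {dst} at {ts}")
    for host in scan_edr_events(EDR_EVENTS):
        print(f"sample executed on {host}")
    print("local bytes match sample:", file_matches_ioc(b"constructed bytes, not the sample"))
```

The proxy check keys on the parsed destination field rather than searching the raw line, which is what keeps the near-miss 45.139.105.1 line out of the results; the EDR check compares the full 64-hex SHA256 rather than the MD5, since MD5 collisions are practical and a vendor feed may carry only one of the hashes.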
