General

  • Target

    file.exe

  • Size

    2.4MB

  • Sample

    221120-1dletsfa4x

  • MD5

    bef4bce2a2d28fca8718566075d3c6f4

  • SHA1

    5a0740a3b93021ae82a9d83a12d2a9f9dd665fff

  • SHA256

    00c896fd0a63c29c4c2fbb2962eed2de004640ee66c65b495caf6cad9d66f192

  • SHA512

    a40de97add56b744929c51a1fae1f4ac191fcd6ef0d899aa829c69f85db5daa028ea61c695f6ee360be3a208d99b5b0fa870b3c8d8f77d7f6d240cf3f81091c1

  • SSDEEP

    49152:q2r7E8nO6Ndonf1VjcCqIeZMqt88jWzcx49R9qrz7VkRsOUxVkBaFwnm:rDJzC1Vjc/TmLVRY7KdUxVkB04m

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167
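The hashes and C2 addresses above are the report's only network- and file-level indicators. The script below is an added example, not part of the sandbox report: it embeds those indicators, hashes an arbitrary file with the same four algorithms the report lists, and scans log lines for the two C2 addresses. The log lines are constructed for the demonstration; SSDEEP is left out because computing it needs the separate ssdeep library rather than hashlib.

```python
"""Match a file and some log lines against the IOCs from this sandbox report."""
import hashlib
import re
import sys

# Indicators copied from the report (file.exe, family nymaim).
REPORT_HASHES = {
    "md5": "bef4bce2a2d28fca8718566075d3c6f4",
    "sha1": "5a0740a3b93021ae82a9d83a12d2a9f9dd665fff",
    "sha256": "00c896fd0a63c29c4c2fbb2962eed2de004640ee66c65b495caf6cad9d66f192",
    "sha512": "a40de97add56b744929c51a1fae1f4ac191fcd6ef0d899aa829c69f85db5daa028ea61c695f6ee360be3a208d99b5b0fa870b3c8d8f77d7f6d240cf3f81091c1",
}
REPORT_C2 = {"45.139.105.171", "85.31.46.167"}

# SSDEEP (fuzzy hash) is intentionally not computed here: hashlib has no
# implementation, and a fuzzy match needs ssdeep.compare() from the ssdeep package.


def digest_bytes(data: bytes) -> dict:
    """Hash an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def digest_file(path: str) -> dict:
    """Hash a file on disk in 1 MiB chunks so large samples do not sit in RAM."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matching_hashes(digests: dict) -> set:
    """Names of the algorithms whose digest equals the report's (case-insensitive)."""
    return {
        name for name, value in digests.items()
        if REPORT_HASHES.get(name) == value.lower()
    }


IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def c2_hits(log_lines) -> list:
    """Return (line_number, ip) for every occurrence of a report C2 address."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        for ip in IPV4.findall(line):
            if ip in REPORT_C2:
                hits.append((n, ip))
    return hits


# Constructed proxy/firewall lines for the demo (not taken from the report).
SAMPLE_LOG = [
    "2022-11-20T13:01:02Z allow tcp 10.0.0.15:51312 -> 45.139.105.171:80 GET /",
    "2022-11-20T13:01:05Z allow tcp 10.0.0.15:51313 -> 142.250.74.78:443",
    "2022-11-20T13:02:10Z deny  tcp 10.0.0.22:49811 -> 85.31.46.167:443",
]

if __name__ == "__main__":
    # Usage: python iocs.py [file_to_hash]
    if len(sys.argv) > 1:
        found = matching_hashes(digest_file(sys.argv[1]))
        print("hash match:", sorted(found) if found else "none")
    for line_no, ip in c2_hits(SAMPLE_LOG):
        print(f"C2 contact on line {line_no}: {ip}")
```

Exact-hash matches only catch this one build of the sample; a repacked binary will miss every algorithm above and may still be close on SSDEEP. The C2 addresses are dated to the analysis and should be treated as a starting point for retrospective log searches rather than a long-lived blocklist.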

Targets

    • Target

      file.exe

    • Size

      2.4MB

    • MD5

      bef4bce2a2d28fca8718566075d3c6f4

    • SHA1

      5a0740a3b93021ae82a9d83a12d2a9f9dd665fff

    • SHA256

      00c896fd0a63c29c4c2fbb2962eed2de004640ee66c65b495caf6cad9d66f192

    • SHA512

      a40de97add56b744929c51a1fae1f4ac191fcd6ef0d899aa829c69f85db5daa028ea61c695f6ee360be3a208d99b5b0fa870b3c8d8f77d7f6d240cf3f81091c1

    • SSDEEP

      49152:q2r7E8nO6Ndonf1VjcCqIeZMqt88jWzcx49R9qrz7VkRsOUxVkBaFwnm:rDJzC1Vjc/TmLVRY7KdUxVkB04m

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
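The four behavioural signatures above (dropped EXE executed, location check, dropped DLL loaded, installed-software enumeration) can be reproduced as a small rule set over a process trace. The code below is an added example and not the sandbox's own signature engine. The report names the behaviours but not the registry keys, so the key locations are assumptions: the usual Windows homes for the country code (Control Panel\International\Geo\Nation and the sCountry value) and for installed software (the CurrentVersion\Uninstall key and its WOW6432Node twin). The event trace is constructed for the demonstration.

```python
"""Re-implement the report's four behavioural signatures over a process trace."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One sandbox/procmon-style event: which process did what to which path."""
    pid: int
    op: str    # WriteFile | ProcessCreate | LoadImage | RegQueryValue | RegEnumKey
    path: str


# Assumed registry locations (the report does not name the keys it matched on).
GEO_VALUE_SUFFIXES = (
    "\\control panel\\international\\geo\\nation",
    "\\control panel\\international\\scountry",
)
UNINSTALL_KEY_FRAGMENT = "\\microsoft\\windows\\currentversion\\uninstall"
DROPPED_EXTENSIONS = (".exe", ".dll")


def _norm(path: str) -> str:
    return path.strip().lower().rstrip("\\")


def run_signatures(events) -> dict:
    """Return {pid: set(signature names)} for the behaviours the report lists.

    A file counts as 'dropped' once any process in the trace has written it,
    so a child that loads a DLL its parent wrote is still flagged.
    """
    dropped = set()
    hits = defaultdict(set)
    for ev in events:
        path = _norm(ev.path)
        if ev.op == "WriteFile" and path.endswith(DROPPED_EXTENSIONS):
            dropped.add(path)
        elif ev.op == "ProcessCreate" and path in dropped and path.endswith(".exe"):
            hits[ev.pid].add("Executes dropped EXE")
        elif ev.op == "LoadImage" and path in dropped and path.endswith(".dll"):
            hits[ev.pid].add("Loads dropped DLL")
        elif ev.op == "RegQueryValue" and path.endswith(GEO_VALUE_SUFFIXES):
            hits[ev.pid].add("Checks computer location settings")
        elif ev.op == "RegEnumKey" and UNINSTALL_KEY_FRAGMENT in path:
            hits[ev.pid].add("Checks installed software on the system")
    return dict(hits)


def triggered(events) -> set:
    """Flatten per-process hits into the report-style list for the whole trace."""
    out = set()
    for sigs in run_signatures(events).values():
        out |= sigs
    return out


# Constructed trace (not from the report): pid 1001 is the sample, 1002 its child,
# 3000 an unrelated process that should not trigger anything.
SAMPLE_EVENTS = [
    Event(1001, "WriteFile", r"C:\Users\user\AppData\Local\Temp\payload.exe"),
    Event(1001, "WriteFile", r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    Event(1001, "WriteFile", r"C:\Users\user\AppData\Local\Temp\notes.txt"),
    Event(1001, "RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    Event(1001, "RegEnumKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event(1001, "RegEnumKey", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    Event(1001, "ProcessCreate", r"C:\Users\user\AppData\Local\Temp\payload.exe"),
    Event(1002, "LoadImage", r"C:\Users\user\AppData\Local\Temp\helper.dll"),
    Event(1002, "LoadImage", r"C:\Windows\System32\kernel32.dll"),
    Event(3000, "ProcessCreate", r"C:\Windows\System32\notepad.exe"),
]

if __name__ == "__main__":
    for pid, sigs in sorted(run_signatures(SAMPLE_EVENTS).items()):
        print(pid, sorted(sigs))
    print("report-style summary:", sorted(triggered(SAMPLE_EVENTS)))
```

Two caveats when applying this outside a sandbox: registry reads are not recorded by Sysmon (its registry events cover value writes and key creation), so the two registry rules need object-access auditing or a procmon-style trace; and a real sandbox treats every written file as dropped, not only executables, which is why the ruleset above keys the "dropped" rules on the extension rather than on the write alone.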

MITRE ATT&CK Enterprise v6
