General

  • Target

    file.exe

  • Size

    2.2MB

  • Sample

    221120-1w7qsafa8t

  • MD5

    a4de8e009cee76c10d59490016c3bf78

  • SHA1

    b688f041f440ce5cd9847e12908ed46dbabc5f5c

  • SHA256

    0bd58163405f57471f4f1e0a529cf9f10a9eab8f4ada656920c5e563ee1a756a

  • SHA512

    7a9454bff910440b81937c8e872a54c88b45f3b8d7b077437205f5881c63d84e1ed37f84ea162777cf3da311dcd2b634fe1cafca03df7621d59bb3028b01618a

  • SSDEEP

    49152:q2HjHiFFMlN9XsMe93eriSiO7VGxFJBDxNr2TSUxVkBaFwnm:rDCFFMlN9Xs3erOOgPJB+SUxVkB04m

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks