General

  • Target

    file.exe

  • Size

    2.2MB

  • Sample

    221120-285bvsfb6w

  • MD5

    ce04a512b719a0511d73acf93bffc107

  • SHA1

    a606b4a345596ae8cfbf86cd9c5e9fe1576a9caa

  • SHA256

    eedd45bf6c68da9890f4d82ad2df1b04c50be0b29d3935def7b46ebc0887fc67

  • SHA512

    0e869f9470544b4ae3dfa787abdc0051c590f04076c91a8576f015c7cacf19903679e21bd9a1fa09cca3f0077677723bcd1f1b5b0c7442dfc9fabd230237016d

  • SSDEEP

    49152:q2wmbtbWpz3lrwW5fvCOwHnhk3+9tab8Y2zGnoOUxVkBaFwnm:rw8bWpz3ljvCOwHp9YYYTvUxVkB04m

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    Score
    10/10

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks