General

  • Target

    file.exe

  • Size

    2.2MB

  • Sample

    221120-2qhp5sbd47

  • MD5

    8cf9eaa7921709e1078efc9a518dee4d

  • SHA1

    8ac4ca8c3aa512990e4ad7553c671f64107c9666

  • SHA256

    f16450dfd119db8053036893b28cbcd5a09b1734485b98432bd9b04ca562eee9

  • SHA512

    169d2bb4d66282ecfdb96fbe28d7769f851e401d661fb03e3a1d6aee3e93b5a8986f245ea34ab95c052f436903e3e06f4357caf642eab545a6dca8e4e2845d44

  • SSDEEP

    49152:q2XDVmT+CvbbnSGtcc4Z5LC5m2127bysU/liwgfvm11UxVkBaFwnm:rc+gbXm5LC5Z1qbysUVumvUxVkB04m

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family, best known as a downloader, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
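The indicators in this report (file hashes, the two C2 addresses, the country-code and Uninstall-key lookups) can be turned directly into a hunt. The Python below is an added example written for this page; it is not Triage output and not NyMaim code. It matches the report's IOCs and both behavioural signatures over constructed, Sysmon-like event dicts; the event schema is made up, and the `Geo\Nation` registry value is an assumption about which key a "country code configured in the registry" lookup reads (the Uninstall key is the one the report names).

```python
"""Added example: match host and network events against the IOCs in this report.

Editor-supplied illustration, not Triage output and not NyMaim code.
Event shape is a constructed, Sysmon-like dict; real telemetry will differ.
"""
import hashlib

# Indicators copied from the report above.
FILE_HASHES = {
    "md5": "8cf9eaa7921709e1078efc9a518dee4d",
    "sha1": "8ac4ca8c3aa512990e4ad7553c671f64107c9666",
    "sha256": "f16450dfd119db8053036893b28cbcd5a09b1734485b98432bd9b04ca562eee9",
}
C2_IPS = {"45.139.105.171", "85.31.46.167"}

# Registry paths behind the two behavioural signatures (lower-cased for matching).
# The Uninstall key is the one the report names; Geo\Nation is an ASSUMPTION
# about where a "country code configured in the registry" lookup lands.
REGISTRY_INDICATORS = {
    r"\control panel\international\geo\nation": "geofence lookup (country code)",
    r"\software\microsoft\windows\currentversion\uninstall": "installed-software enumeration",
}


def hashes_of(data: bytes) -> dict:
    """Compute the three digests the report lists, for checking a file on disk."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_known_sample(data: bytes) -> bool:
    """True only if all three listed digests match the report."""
    return hashes_of(data) == FILE_HASHES


def parse_sysmon_hashes(field: str) -> dict:
    """Parse a Sysmon 'Hashes' string such as 'MD5=..,SHA256=..' into {algo: hex}."""
    out = {}
    for part in field.split(","):
        algo, sep, digest = part.partition("=")
        if sep:
            out[algo.strip().lower()] = digest.strip().lower()
    return out


def match_event(event: dict) -> list:
    """Return the indicators one event matches; an empty list means no hit."""
    hits = []
    kind = event.get("type")
    if kind == "process":
        for algo, digest in parse_sysmon_hashes(event.get("hashes", "")).items():
            if FILE_HASHES.get(algo) == digest:
                hits.append(f"known sample hash ({algo})")
    elif kind == "network":
        if event.get("dst_ip") in C2_IPS:
            hits.append(f"C2 connection to {event['dst_ip']}")
    elif kind == "registry":
        # Sysmon only records registry writes; read events like these have to
        # come from a sandbox or an EDR that has registry-read visibility.
        path = event.get("path", "").lower()
        for needle, label in REGISTRY_INDICATORS.items():
            if needle in path:
                hits.append(label)
    return hits


def triage(events: list) -> dict:
    """Group hits by pid. A pid is reported on any hash or C2 hit, or when it
    shows both behavioural lookups; a lone Uninstall-key read is too common
    (installers, inventory agents) to report on its own."""
    by_pid = {}
    for ev in events:
        hits = match_event(ev)
        if hits:
            by_pid.setdefault(ev.get("pid"), []).extend(hits)
    suspicious = {}
    for pid, hits in by_pid.items():
        strong = any(h.startswith(("known sample", "C2 ")) for h in hits)
        behavioural = {h for h in hits if not h.startswith(("known sample", "C2 "))}
        if strong or len(behavioural) == len(REGISTRY_INDICATORS):
            suspicious[pid] = sorted(set(hits))
    return suspicious


# Constructed sample telemetry (not a real capture): pid 4120 is the infected
# process, pid 2200 is a benign process that merely enumerates installed software.
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4120, "image": r"C:\Users\alice\Desktop\file.exe",
     "hashes": "MD5=8CF9EAA7921709E1078EFC9A518DEE4D,"
               "SHA256=F16450DFD119DB8053036893B28CBCD5A09B1734485B98432BD9B04CA562EEE9"},
    {"type": "registry", "pid": 4120, "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "registry", "pid": 4120,
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome"},
    {"type": "network", "pid": 4120, "dst_ip": "45.139.105.171", "dst_port": 80},
    {"type": "registry", "pid": 2200,
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "network", "pid": 2200, "dst_ip": "93.184.216.34", "dst_port": 443},
]

if __name__ == "__main__":
    for pid, hits in triage(SAMPLE_EVENTS).items():
        print(pid, hits)
```

Running the block prints only pid 4120, with its hash, C2 and both registry hits; pid 2200 is dropped because a single Uninstall-key read is not evidence by itself. To check a file on disk, pass its bytes to `is_known_sample`. Note that the C2 match is an exact-IP comparison, so it will miss a later sample that rotates to a different address; combine it with the behavioural signatures rather than relying on the addresses alone.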
