General

  • Target

    file.exe

  • Size

    2.2MB

  • Sample

    221120-3sab8afb7s

  • MD5

    7488db8c0af90ee27e019e07dcd57bc7

  • SHA1

    64a975a8c33e12b0c4ba600e903bdd5a88a31683

  • SHA256

    b2f69ab142b199103e38893c60e805850ccd9e9a89fd11104b95a03a1e6e11aa

  • SHA512

    80a54afcb57dc39b2bdfa4af1d5bf52dd2fcbefdfb553cfa260f992e40c84262107cc96102ab654585e13c764c49ce82d87f1fb431653d5fe825ad107597f3ba

  • SSDEEP

    49152:q2vxEtFq4pKry+St2lTkVrJRFrsYKqUdRWN4fTfUxVkBaFwnm:rvxCSzS4pkVrGqARU4LUxVkB04m

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks