General

  • Target

    file.exe

  • Size

    2.3MB

  • Sample

    221120-kepwmseb96

  • MD5

    17ca490ce5eb7544e422879001b37704

  • SHA1

    0ea6052534e920882a86ef0c9e70b6d9be9bb0fc

  • SHA256

    2e2ab6d42a5920508ff5861357cda0cbc4eec5c07703bd1d99797f5666f44150

  • SHA512

    9e746b48fceba100d709085adb70533fe26b2b72e5d8cf317243f2ec6afab0d48102e5c3a99dd262d29ced61d99c8563ea2bdbec88030f64f1b0975009f832e7

  • SSDEEP

    49152:q2xw88p9Xx3bH8GPkrSIhQFuSzDpUxVkBaFwnm:rxGp9dzX/ISpUxVkB04m

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
