General

  • Target

    file.exe

  • Size

    2.2MB

  • Sample

    221120-lr7snagc58

  • MD5

    a66d3eb6ffcdf7dc0d40fcfb4f42baec

  • SHA1

    6ad60b9a36838489f5bf389fd0dfb6ca1c38db49

  • SHA256

    47460c60b92f4fab41a08d30b363276220895db8f8de5e6cf8de94d5a5070132

  • SHA512

    14bc99d6f1e96bca237b99f7414138849678dd96a576e502e67a72446a422ffe5ee7c7de0e76250b87462ff7260bdd9923af02334c64e054a895afc0de50c9d2

  • SSDEEP

    49152:q20NdO1K2omTITgZrEH1Ic4FMXopyZHtij3ar1kbh3UxVkBaFwnm:r0Nd97ir8SlenNOFUxVkB04m

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      2.2MB

    • MD5

      a66d3eb6ffcdf7dc0d40fcfb4f42baec

    • SHA1

      6ad60b9a36838489f5bf389fd0dfb6ca1c38db49

    • SHA256

      47460c60b92f4fab41a08d30b363276220895db8f8de5e6cf8de94d5a5070132

    • SHA512

      14bc99d6f1e96bca237b99f7414138849678dd96a576e502e67a72446a422ffe5ee7c7de0e76250b87462ff7260bdd9923af02334c64e054a895afc0de50c9d2

    • SSDEEP

      49152:q20NdO1K2omTITgZrEH1Ic4FMXopyZHtij3ar1kbh3UxVkBaFwnm:r0Nd97ir8SlenNOFUxVkB04m

    Score
    10/10
    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks