General

  • Target

    file.exe

  • Size

    2.2MB

  • Sample

    221120-mtys7sdd2w

  • MD5

    9fc8bc433ba6251dff8c3c09c96c2e5a

  • SHA1

    d769b62252431a54a68c7a17e5da2d0d4b7d40c6

  • SHA256

    954e3f2e91a2e578ffc587d85f165d65d5ca7c223e59c6cc668380eac5c080cc

  • SHA512

    31b2a76f88902eefdccee284389597237a66e05d31f927811348de3956418ff02e29059dbddf3f35c0194433805bfaa57494f5286b654d4d183fe7d5171f4a3a

  • SSDEEP

    49152:q2aTesg3zj//ipjYbM6fhL8H+c6qUxVkBaFwnm:rEes0r/ipjY4b+/qUxVkB04m

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
