General

  • Target

    file.exe

  • Size

    2.2MB

  • Sample

    221120-pz7peaha6t

  • MD5

    6d5d308a97097a9d78e02aa37377927b

  • SHA1

    5097a29df6487be4a44fa286e77f7d5f89b2e032

  • SHA256

    7756e22a70289307ae01e0f165ea276d925d5c126713c02e6a36e7a87b243a2e

  • SHA512

    407e99fedf4a78074c7589512f192d8f05c2c1562feb0081c417deafbca6d098ac2cc1a3359e4c94c0fcac4dc09a0c6cc02f400171a7a7d706c8d5b7d75a756d

  • SSDEEP

    49152:q2+Ofgd0VShc+yTEXmS2zRB8gLA1jKX/iRrKEmpz2UxVkBaFwnm:r+NKh+yTom7zwlR2RSUxVkB04m

Score
10/10
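To confirm that a file recovered from your own environment is the sample this report describes, recompute its digests and compare them with the ones listed above. The block below is an added example written for this page, not tooling from the sandbox: the expected hash values are copied from the General section, the bytes it hashes in its demo are constructed and are not file.exe, and ssdeep is left out because it needs a third-party library (the four hashlib digests are enough to settle identity).

```python
"""Check a local file against the digests listed in the report above.

Added example for this page, not sandbox tooling. The expected hashes are the
report's own; the demo bytes are constructed and are not the sample.
"""
import hashlib
import os
import tempfile

# Digests copied from the report's General section.
REPORT_HASHES = {
    "md5": "6d5d308a97097a9d78e02aa37377927b",
    "sha1": "5097a29df6487be4a44fa286e77f7d5f89b2e032",
    "sha256": "7756e22a70289307ae01e0f165ea276d925d5c126713c02e6a36e7a87b243a2e",
    "sha512": "407e99fedf4a78074c7589512f192d8f05c2c1562feb0081c417deafbca6d098ac2cc1a3359e4c94c0fcac4dc09a0c6cc02f400171a7a7d706c8d5b7d75a756d",
}


def hash_bytes(data):
    """Digest an in-memory buffer with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_HASHES}


def hash_file(path, chunk_size=1 << 20):
    """Digest a file in one streaming pass so large samples are never loaded whole."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_to_report(digests, report=REPORT_HASHES):
    """Per-algorithm match table: {algorithm: True/False}."""
    return {name: digests.get(name, "").lower() == expected.lower()
            for name, expected in report.items()}


def verdict(matches):
    """'match' only when every digest agrees. 'partial' flags agreement on some
    algorithms but not others (for example MD5 only), which points to a collision
    or a report whose hashes were copied from a different artifact."""
    if all(matches.values()):
        return "match"
    if any(matches.values()):
        return "partial"
    return "mismatch"


def check_file(path):
    """Verdict for a file on disk against the report's digests."""
    return verdict(compare_to_report(hash_file(path)))


def demo():
    """Write constructed bytes (not the sample) to a temp file and check them."""
    data = b"constructed test bytes, not the reported sample\n" * 64
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        # The streaming and one-shot digests must agree before the verdict means anything.
        assert hash_file(path) == hash_bytes(data)
        return check_file(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())  # mismatch: the constructed bytes are not file.exe
```

Only a full match is identity: a file that agrees on MD5 or SHA-1 but not on SHA-256 should be treated as a different artifact until the discrepancy is explained.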

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      2.2MB

    • MD5

      6d5d308a97097a9d78e02aa37377927b

    • SHA1

      5097a29df6487be4a44fa286e77f7d5f89b2e032

    • SHA256

      7756e22a70289307ae01e0f165ea276d925d5c126713c02e6a36e7a87b243a2e

    • SHA512

      407e99fedf4a78074c7589512f192d8f05c2c1562feb0081c417deafbca6d098ac2cc1a3359e4c94c0fcac4dc09a0c6cc02f400171a7a7d706c8d5b7d75a756d

    • SSDEEP

      49152:q2+Ofgd0VShc+yTEXmS2zRB8gLA1jKX/iRrKEmpz2UxVkBaFwnm:r+NKh+yTom7zwlR2RSUxVkB04m

    Score
    10/10
    • NyMaim

      NyMaim is a C++ malware family with a range of capabilities, first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
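The four behavioural signatures above, together with the C2 addresses from the Malware Config section, can be re-derived from a sandbox's API trace rather than taken on trust. The block below is an added example written for this page, not the sandbox's own signature engine: the trace format and the sample lines are constructed, and the registry paths (the Geo key under Control Panel\International for the country code, and the CurrentVersion\Uninstall key for installed software) are the standard Windows locations assumed to be what the two registry signatures key on, since the report names the behaviour but not the key.

```python
"""Re-derive the report's behavioural signatures from a sandbox API trace.

Added example for this page, not sandbox code. The trace format (one
"category<TAB>operation<TAB>argument" line per event) and the sample lines are
constructed; the registry paths are the standard Windows locations assumed to
sit behind the two registry signatures.
"""

# C2 addresses from the report's Malware Config section.
C2_ADDRESSES = {"45.139.105.171", "85.31.46.167"}

# Assumed registry locations (lower-cased for matching): the configured
# country (GeoID) and the installed-software list.
GEO_KEY = r"control panel\international\geo"
UNINSTALL_KEY = r"software\microsoft\windows\currentversion\uninstall"

SIG_DROPPED_EXE = "Executes dropped EXE"
SIG_DROPPED_DLL = "Loads dropped DLL"
SIG_GEO = "Checks computer location settings"
SIG_INSTALLED = "Checks installed software on the system"
SIG_C2 = "Connects to a configured C2"

# Constructed trace of a hypothetical run; paths, names and ports are illustrative.
SAMPLE_TRACE = [
    "registry\tquery\tHKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation",
    "registry\topen\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip",
    "registry\topen\tHKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run",
    "file\twrite\tC:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe",
    "file\twrite\tC:\\Users\\user\\AppData\\Local\\Temp\\helper.dll",
    "process\tcreate\tC:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe",
    "process\tcreate\tC:\\Windows\\System32\\cmd.exe",
    "image\tload\tC:\\Users\\user\\AppData\\Local\\Temp\\helper.dll",
    "image\tload\tC:\\Windows\\System32\\kernel32.dll",
    "network\tconnect\t45.139.105.171:80",
    "network\tconnect\t8.8.8.8:53",
]


def parse_event(line):
    """Split one trace line into (category, operation, argument); None if malformed."""
    parts = line.rstrip("\r\n").split("\t", 2)
    return tuple(parts) if len(parts) == 3 else None


def scan_trace(lines):
    """Walk the trace once and return {signature: [evidence, ...]}.

    'Dropped' is stateful: a file only counts as dropped if the sample wrote it
    earlier in the same trace, so executing cmd.exe or loading kernel32.dll is
    not flagged while the freshly written stage2.exe and helper.dll are.
    """
    dropped = set()
    hits = {}

    def record(sig, evidence):
        hits.setdefault(sig, []).append(evidence)

    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        category, op, arg = event
        key = arg.lower()
        if category == "file" and op == "write":
            dropped.add(key)
        elif category == "process" and op == "create" and key in dropped:
            record(SIG_DROPPED_EXE, arg)
        elif category == "image" and op == "load" and key in dropped:
            record(SIG_DROPPED_DLL, arg)
        elif category == "registry":
            if GEO_KEY in key:
                record(SIG_GEO, arg)
            elif UNINSTALL_KEY in key:
                record(SIG_INSTALLED, arg)
        elif category == "network" and op == "connect":
            host = arg.rsplit(":", 1)[0]
            if host in C2_ADDRESSES:
                record(SIG_C2, arg)
    return hits


def matched_signatures(lines):
    """Sorted list of signature names that fired for the trace."""
    return sorted(scan_trace(lines))


if __name__ == "__main__":
    for sig, evidence in scan_trace(SAMPLE_TRACE).items():
        print(f"{sig}: {evidence}")
```

Ordering matters for the dropped-file checks: a process create or image load that precedes the write of the same path is not counted, which is the behaviour you want when the same filename also exists legitimately elsewhere in the trace.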

MITRE ATT&CK Enterprise v6