General

  • Target

    file.exe

  • Size

    2.4MB

  • Sample

    221120-q34btsah21

  • MD5

    9a7834ffc1237c246a332b351aac26fd

  • SHA1

    89fdcc1e2f2cfd56d71a7c456cfdd83bdd03ca7e

  • SHA256

    c82857f6b8e8ad8b0434997f784432a68fe7a3465215a48cc07573549d51484f

  • SHA512

    5070735d137e3f0c652081b6c5f1378f1bb6e00eb592653bbbdd3a1ee24684bec9aeb497c84da141a7834041e967c185e3e1be1bfdcf543c17d744f1726e5705

  • SSDEEP

    49152:q2B3iwnD68Kdcd+hXVJSqsgJEWTarEeuteBOACC02B0qBcX9je8JLUxVkBaFwnm:rBxD+dC+hzSq5/arNuM0e0FF7UxVkB0H

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6