General

  • Target

    file

  • Size

    2.4MB

  • Sample

    221120-qkb5maec76

  • MD5

    1adea687283f72668496455328a6b933

  • SHA1

    8526a169f6744773e00bad6d5d4addc3221b5a30

  • SHA256

    63d4406644211322e0a0a9d5d62d8fc78ba8903928704cfa86b5358b07a7d95c

  • SHA512

    42610bf89255ab82a75e0553ddb43652349eb87b0ae0dda2611f86a27e9d3ff220cd41d0aaa11bfe2736d079b3a4ba5bcdb744828b93fe81f5e28d3e9aa3f03c

  • SSDEEP

    49152:q2pDQuFun1QsLhQHsovndZRoaMEYdCFBMEtYUxVkBaFwnm:rpDJFEyS5ovndZRoaMEYdgSnUxVkB04m

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167
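The hashes and C2 addresses above are the actionable indicators from this report. The following is an added example (not code from the report or from the sandbox) that turns them into two checks a responder would actually run: hash a suspect file and require every listed digest to agree before calling it this sample, and sweep proxy log lines for the extracted C2 addresses as whole dotted-quads so a near-miss prefix does not fire. The proxy log lines are constructed for illustration; SHA512 and ssdeep are omitted from the hash set, the former because SHA256 already pins the file and the latter because fuzzy hashing needs a third-party library.

```python
"""IOC checks for the NyMaim sample in this report.

Added example: not code from the report or the sandbox. The hashes and C2
addresses are copied from the report above; the proxy log lines are
constructed for illustration.
"""
import hashlib
import re

# File hashes of the analysed sample, copied from the report.
SAMPLE_HASHES = {
    "md5": "1adea687283f72668496455328a6b933",
    "sha1": "8526a169f6744773e00bad6d5d4addc3221b5a30",
    "sha256": "63d4406644211322e0a0a9d5d62d8fc78ba8903928704cfa86b5358b07a7d95c",
}

# C2 addresses extracted from the sample's configuration, per the report.
C2_ADDRESSES = {"45.139.105.171", "85.31.46.167"}

# Whole dotted-quads only: 45.139.105.17 must not match 45.139.105.171 and
# a C2 address embedded in a longer dotted string is not counted either.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def _digest(chunks) -> dict:
    """Feed every chunk through all listed hash algorithms in one pass."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    for chunk in chunks:
        for h in digests.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def hash_bytes(data: bytes) -> dict:
    """Hash an in-memory blob with the algorithms the report lists."""
    return _digest([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as hash_bytes but streams from disk, so a large file never sits in memory."""
    with open(path, "rb") as f:
        return _digest(iter(lambda: f.read(chunk_size), b""))


def matches_sample(digests: dict) -> bool:
    """True only when every listed hash agrees with the report.

    Requiring all of them means a mistyped or truncated single hash copied
    into a ticket cannot produce a match on its own.
    """
    return all(digests.get(name) == value for name, value in SAMPLE_HASHES.items())


def c2_hits(log_lines):
    """Return (line_number, ip) for every log line that mentions a C2 address."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        for ip in IPV4_RE.findall(line):
            if ip in C2_ADDRESSES:
                hits.append((number, ip))
    return hits


# Constructed proxy log lines (not from the report): two C2 contacts, one
# benign destination, and one near-miss prefix of a C2 address.
SAMPLE_PROXY_LOG = [
    "10.0.0.15 CONNECT 45.139.105.171:443",
    "10.0.0.15 CONNECT 142.250.74.46:443",
    "10.0.0.22 GET http://85.31.46.167/",
    "10.0.0.22 GET http://45.139.105.17/",
]

if __name__ == "__main__":
    for number, ip in c2_hits(SAMPLE_PROXY_LOG):
        print(f"line {number}: contact with C2 {ip}")
    print("empty file matches sample:", matches_sample(hash_bytes(b"")))
```

Treat the C2 addresses as time-bound: an IP indicator decays once the operator rotates infrastructure, and a hit should be confirmed against the destination port and payload rather than the address alone. The ssdeep value in the report is the right indicator for catching repacked variants that share code but differ in exact bytes; compare it with an ssdeep-capable tool, since the exact-hash check here only finds this one file.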

Targets

    • Target

      file

    • Size

      2.4MB

    • MD5

      1adea687283f72668496455328a6b933

    • SHA1

      8526a169f6744773e00bad6d5d4addc3221b5a30

    • SHA256

      63d4406644211322e0a0a9d5d62d8fc78ba8903928704cfa86b5358b07a7d95c

    • SHA512

      42610bf89255ab82a75e0553ddb43652349eb87b0ae0dda2611f86a27e9d3ff220cd41d0aaa11bfe2736d079b3a4ba5bcdb744828b93fe81f5e28d3e9aa3f03c

    • SSDEEP

      49152:q2pDQuFun1QsLhQHsovndZRoaMEYdCFBMEtYUxVkBaFwnm:rpDJFEyS5ovndZRoaMEYdgSnUxVkB04m

    Score
    10/10
    • NyMaim

      NyMaim is a multi-purpose malware family, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
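The two registry signatures above ("Checks computer location settings" and "Checks installed software on the system") are worth being able to reproduce outside the sandbox. The following is an added example, not code from the report or the sandbox vendor, that rebuilds both checks over a registry API trace: it flags a process that walks several subkeys of the Uninstall key (a single lookup is normal installer behaviour, enumeration is the discovery the report describes), and it flags reads of locale or country values. The trace line format, the threshold, and the exact values treated as "location settings" (the GeoID under Control Panel\International\Geo and the default NLS language) are assumptions; the trace lines are constructed. It also handles the WOW6432Node view that a 32-bit process is redirected to on 64-bit Windows, which a check on the plain Uninstall path would miss.

```python
"""Behavioural checks rebuilt from the two registry signatures above.

Added example: not code from the report or the sandbox vendor. It flags
(1) enumeration of the registry Uninstall key (installed-software
discovery) and (2) reads of locale/country values (possible geofencing).
The trace line format and the values treated as "location settings" are
assumptions; the trace lines are constructed.
"""
import re
from collections import defaultdict

# Constructed API-trace line format assumed here:
#   pid=<n> <api> hive=<HIVE> key="<path>" [value="<name>"]
TRACE_RE = re.compile(
    r'^pid=(?P<pid>\d+)\s+(?P<api>\w+)\s+hive=(?P<hive>\w+)\s+key="(?P<key>[^"]*)"'
    r'(?:\s+value="(?P<value>[^"]*)")?\s*$'
)

# Subkeys of the Uninstall key, including the WOW6432Node view a 32-bit
# process is redirected to on 64-bit Windows (compared case-insensitively).
UNINSTALL_SUBKEY_RE = re.compile(
    r"^software\\(?:wow6432node\\)?microsoft\\windows\\currentversion\\uninstall\\(.+)$"
)

# Assumed location-related values: the GeoID country code and the default
# system language. A real sandbox rule may use a different or longer list.
LOCATION_VALUES = {
    r"hkcu\control panel\international\geo\nation",
    r"hklm\system\currentcontrolset\control\nls\language\default",
}

READ_APIS = {"RegQueryValueExA", "RegQueryValueExW", "RegGetValueA", "RegGetValueW"}


def parse_trace(lines):
    """Parse trace lines into dicts; lines in another format are skipped, not fatal."""
    events = []
    for line in lines:
        m = TRACE_RE.match(line)
        if m:
            event = m.groupdict()
            event["pid"] = int(event["pid"])
            events.append(event)
    return events


def uninstall_enumeration(events, threshold=3):
    """PIDs that opened at least `threshold` distinct Uninstall subkeys.

    One lookup is normal (installers check for a prior version); walking
    many subkeys from one process is the discovery behaviour flagged above.
    """
    subkeys = defaultdict(set)
    for e in events:
        m = UNINSTALL_SUBKEY_RE.match(e["key"].lower())
        if m:
            subkeys[e["pid"]].add(m.group(1))
    return {pid for pid, keys in subkeys.items() if len(keys) >= threshold}


def location_lookups(events):
    """(pid, full lower-cased path) for every read of an assumed location value."""
    hits = []
    for e in events:
        if e["api"] not in READ_APIS or not e["value"]:
            continue
        path = f'{e["hive"]}\\{e["key"]}\\{e["value"]}'.lower()
        if path in LOCATION_VALUES:
            hits.append((e["pid"], path))
    return hits


# Constructed trace (not from the report): pid 4120 walks the Uninstall key
# across both registry views and reads the GeoID; pid 988 is benign noise.
SAMPLE_TRACE = [
    r'pid=4120 RegOpenKeyExW hive=HKLM key="SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"',
    r'pid=4120 RegOpenKeyExW hive=HKLM key="SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"',
    r'pid=4120 RegOpenKeyExW hive=HKLM key="SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"',
    r'pid=4120 RegOpenKeyExW hive=HKLM key="SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\VLC media player"',
    r'pid=4120 RegQueryValueExW hive=HKCU key="Control Panel\International\Geo" value="Nation"',
    r'pid=988 RegOpenKeyExW hive=HKLM key="SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"',
    r'pid=988 RegQueryValueExW hive=HKCU key="Software\Microsoft\Windows\CurrentVersion\Run" value="OneDrive"',
    "malformed line that the parser must skip",
]

if __name__ == "__main__":
    events = parse_trace(SAMPLE_TRACE)
    print("installed-software enumeration by:", sorted(uninstall_enumeration(events)))
    print("location lookups:", location_lookups(events))
```

Neither check is a conviction on its own: inventory agents and update tools walk the Uninstall key legitimately, and plenty of software reads the locale. Their value here is as corroboration when they appear in the same process that also executes a dropped EXE and loads a dropped DLL, which is the combination the report's signature list shows.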
