General

  • Target: file.exe
  • Size: 2.2MB
  • Sample: 221120-rcnzwsfe92
  • MD5: 1756c2d93e31bdb9427d60f43cc3c946
  • SHA1: 30edb994b1806258b7fd76628505ec87a9cbbe7d
  • SHA256: 6e4906988a883ef5d80cec4abfe043de3adbdeab626028f4a062731e7defed31
  • SHA512: 3a14382e21d6eff066e4732d7b367364e7858428eb1b566885e1d37d44ceac5fbb392391f6e25fdc3264293f91ffebab6bab92f24e2857188eda89c9d95ec301
  • SSDEEP: 49152:q2+0zVIhaedtMdl1hWICsxiQkSbqP+eMw5VtygdsFfgu9rUxVkBaFwnm:r+0z/f1o5Q/VqGejbcguFP9rUxVkB04m

Score: 10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up entries under the Uninstall registry key to enumerate the software installed on the system.
