General

  • Target

    file.exe

  • Size

    2.3MB

  • Sample

    221120-t1ykcaed21

  • MD5

    fdd43bbb10572ed6c3003efe0748a2c9

  • SHA1

    528d6d5e31ccef548660a751774b9d3794ff1fc0

  • SHA256

    df3ae70fe6a2c5bdc1207608033e878af6cca8b60dc07cd618d0a8c8f05a53b4

  • SHA512

    8d4abf6d8ef424f66cffe2d9e96e8f04c3347d73e2a2085a04bdb872c4f706e8f36be2cece33933a3773855ddf92d1da0f72d29cd44c12cf1efc2bd745b6b188

  • SSDEEP

    49152:q2fSHpbpf0B8MFHahhqPsO8nyA7uBAT7z6UxVkBaFwnm:rKJ1fsHaTqPsOgoAT6UxVkB04m

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      2.3MB

    • MD5

      fdd43bbb10572ed6c3003efe0748a2c9

    • SHA1

      528d6d5e31ccef548660a751774b9d3794ff1fc0

    • SHA256

      df3ae70fe6a2c5bdc1207608033e878af6cca8b60dc07cd618d0a8c8f05a53b4

    • SHA512

      8d4abf6d8ef424f66cffe2d9e96e8f04c3347d73e2a2085a04bdb872c4f706e8f36be2cece33933a3773855ddf92d1da0f72d29cd44c12cf1efc2bd745b6b188

    • SSDEEP

      49152:q2fSHpbpf0B8MFHahhqPsO8nyA7uBAT7z6UxVkBaFwnm:rKJ1fsHaTqPsOgoAT6UxVkB04m

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
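The indicators above turned into hunt logic, as an added example that is not part of the report or of the sandbox's own tooling: it flags a process whose image hashes match the report, a connection to either listed C2 address, a read of the configured country code, and an enumeration of the Uninstall key. The event schema and the sample events at the bottom are constructed for illustration; the registry paths used for the two behavioural signatures (HKCU\Control Panel\International\Geo\Nation for the country code, ...\CurrentVersion\Uninstall\* for installed software) are assumptions, since the report names the behaviour but not the key.

```python
"""Hunt for this report's indicators in EDR-style endpoint telemetry.

Added example, not part of the sandbox report or the NyMaim sample. The hashes
and C2 addresses come from the report; the event field names, the registry
paths used for the two behavioural signatures and the sample events below are
assumptions constructed for illustration.
"""
import re
from collections import defaultdict

# File and network indicators, copied from the report.
IOC_HASHES = {
    "md5": "fdd43bbb10572ed6c3003efe0748a2c9",
    "sha1": "528d6d5e31ccef548660a751774b9d3794ff1fc0",
    "sha256": "df3ae70fe6a2c5bdc1207608033e878af6cca8b60dc07cd618d0a8c8f05a53b4",
}
C2_IPS = {"45.139.105.171", "85.31.46.167"}

# Registry locations assumed for the two signatures. The report names the
# behaviour, not the key: the configured country (GeoID) lives under
# HKCU\Control Panel\International\Geo\Nation, and installed-software
# enumeration walks the Uninstall keys (native and WOW6432Node).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
UNINSTALL_THRESHOLD = 5  # distinct Uninstall subkeys before we call it enumeration


def parse_hashes(field):
    """Parse a Sysmon-style 'Hashes' string ('SHA256=..,MD5=..') into {alg: hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            alg, digest = part.split("=", 1)
            out[alg.strip().lower()] = digest.strip().lower()
    return out


def hunt(events):
    """Return {pid: sorted findings} for every process matching an indicator.

    Event dicts carry 'type' ('process', 'network', 'registry_read'), 'pid' and
    type-specific fields: 'hashes', 'dest_ip' or 'target' (full registry path).
    """
    findings = defaultdict(set)
    uninstall_subkeys = defaultdict(set)
    for ev in events:
        pid, kind = ev["pid"], ev["type"]
        if kind == "process":
            seen = parse_hashes(ev.get("hashes", ""))
            if any(seen.get(alg) == digest for alg, digest in IOC_HASHES.items()):
                findings[pid].add("process image matches report hashes")
        elif kind == "network" and ev.get("dest_ip") in C2_IPS:
            findings[pid].add("connection to C2 " + ev["dest_ip"])
        elif kind == "registry_read":
            target = ev.get("target", "")
            if GEO_KEY.search(target):
                findings[pid].add("geofence check: read of Geo\\Nation")
            m = UNINSTALL_KEY.search(target)
            if m:
                # First path component after Uninstall\ is the product subkey.
                uninstall_subkeys[pid].add(target[m.end():].split("\\")[0])
    # One Uninstall lookup is routine; walking many entries is the signature.
    for pid, subkeys in uninstall_subkeys.items():
        if len(subkeys) >= UNINSTALL_THRESHOLD:
            findings[pid].add(f"enumerated {len(subkeys)} Uninstall entries")
    return {pid: sorted(f) for pid, f in findings.items()}


# Constructed telemetry: pid 4120 behaves like the report's sample, pid 900 is a
# benign installer that touches two Uninstall entries. GUIDs, the zero SHA256
# and the 192.0.2.10 address are placeholders, not real indicators.
HKLM_UNINSTALL = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"
SAMPLE_EVENTS = [
    {"type": "process", "pid": 4120, "image": r"C:\Users\u\AppData\Local\Temp\file.exe",
     "hashes": "SHA256=DF3AE70FE6A2C5BDC1207608033E878AF6CCA8B60DC07CD618D0A8C8F05A53B4,"
               "MD5=FDD43BBB10572ED6C3003EFE0748A2C9"},
    {"type": "registry_read", "pid": 4120,
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    *({"type": "registry_read", "pid": 4120, "target": f"{HKLM_UNINSTALL}\\{k}\\DisplayName"}
      for k in ["{11111111-2222-3333-4444-555555555555}", "Google Chrome", "7-Zip",
                "Mozilla Firefox", "VLC media player", "Notepad++"]),
    {"type": "network", "pid": 4120, "dest_ip": "45.139.105.171", "dest_port": 80},
    {"type": "process", "pid": 900, "image": r"C:\Windows\System32\msiexec.exe",
     "hashes": "SHA256=" + "0" * 64},
    {"type": "registry_read", "pid": 900, "target": f"{HKLM_UNINSTALL}\\7-Zip\\UninstallString"},
    {"type": "registry_read", "pid": 900, "target": f"{HKLM_UNINSTALL}\\Notepad++\\DisplayVersion"},
    {"type": "network", "pid": 900, "dest_ip": "192.0.2.10", "dest_port": 443},
]

if __name__ == "__main__":
    for pid, hits in hunt(SAMPLE_EVENTS).items():
        print(pid, hits)
```

Two caveats when running this against real telemetry: a lone read of Geo\Nation or a handful of Uninstall lookups is normal for installers and updaters, so the threshold and the combination with a hash or C2 match carry the signal; and Sysmon does not record registry reads (its registry events cover key create/delete, value set and rename), so the registry_read events here have to come from an EDR or a sandbox trace that does.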
