General

  • Target

    99e465fcabd5be9c531b29f2968fb0029dbe8a0083c97762fef76704a85500d9

  • Size

    3.0MB

  • Sample

    221120-z89v8sfa2y

  • MD5

    c2353cf062d2d47240761ccba1d3335d

  • SHA1

    a1025cd4f22cf138f23eba63c46fddccf81b2710

  • SHA256

    99e465fcabd5be9c531b29f2968fb0029dbe8a0083c97762fef76704a85500d9

  • SHA512

    d406cfd18507e38a879b3869989209faebef51e4a6f2875bc7278337694952c9e4cc4ffd433226db158f0cc97cb717a2afee7589b893d9c706cad16dcb0347fa

  • SSDEEP

    49152:hy/MpeUJenRgVSb1+/zS7vBUMMS5dhQLt01oS46T4M/qZlkJV:eMtkbuO7BUMMS5dhQ61oF6T4sqXgV

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL
