General

  • Target

    file.exe

  • Size

    2.4MB

  • Sample

    221121-ak2saafb8x

  • MD5

    f818ed05eb74cd1512f343227aebe261

  • SHA1

    17916ab25c42d4889a78678ec346239430d25a49

  • SHA256

    bdb90c7af0a4383b5d6fbd83c4f9ccdd6c2a80bf396cb1da85fe21ed9c6f0093

  • SHA512

    d7bbe2ff82d94078a3392efbdd54155c1fdbd2dc9df2c5c507a1fba783ae719df4de3e55f37601ad15c6cb0ac882d1c78020732fa7c3ca53e7664c434d658a40

  • SSDEEP

    49152:q2cxGyG6YyxYFuVAm4NQM0Y0VivCwnz/Bkg4UxVkBaFwnm:rcsyXaFWAmncd+UxVkB04m

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167
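The two C2 addresses above are the most directly actionable part of the extracted config. The following is an added example (not part of the sandbox report) that matches Zeek-style connection records against that C2 list, summarises which internal hosts beaconed, and emits Suricata rules for the addresses. NYMAIM_C2 is the list the report extracted; SAMPLE_CONN_LOG is a constructed, conn.log-style record set and not a real capture.

```python
"""Match connection records against the C2 addresses extracted from this sample
and emit Suricata rules for them.

Added example, not part of the sandbox report. NYMAIM_C2 is the C2 list the
report extracted; SAMPLE_CONN_LOG is a constructed, Zeek conn.log-style record
set (ts, id.orig_h, id.orig_p, id.resp_h, id.resp_p, proto), not a real capture.
"""
import ipaddress


def load_c2(addrs):
    """Validate each address so a typo in the IOC list fails loudly instead of silently matching nothing."""
    return frozenset(str(ipaddress.ip_address(a)) for a in addrs)


NYMAIM_C2 = load_c2(["45.139.105.171", "85.31.46.167"])

# Constructed records; tab-separated like Zeek's conn.log, trimmed to the fields used here.
SAMPLE_CONN_LOG = """\
#fields\tts\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto
1669007001.120\t10.0.0.12\t51022\t93.184.216.34\t443\ttcp
1669007003.500\t10.0.0.12\t51023\t45.139.105.171\t80\ttcp
1669007004.910\t10.0.0.7\t49812\t85.31.46.167\t443\ttcp
1669007005.000\t10.0.0.7\t49813\t10.0.0.1\t53\tudp
1669007009.330\t10.0.0.12\t51024\t45.139.105.171\t80\ttcp
"""


def parse_conn_log(text):
    """Yield one dict per record, skipping Zeek header/comment lines."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) < 6:
            continue
        ts, src, sport, dst, dport, proto = fields[:6]
        yield {"ts": float(ts), "src": src, "sport": int(sport),
               "dst": dst, "dport": int(dport), "proto": proto}


def match_c2(records, c2=NYMAIM_C2):
    """Return the records whose responder address is a known C2."""
    return [r for r in records if r["dst"] in c2]


def summarize_by_host(hits):
    """Group C2 hits by internal source host: which machines beaconed, how often, and to which C2."""
    by_host = {}
    for h in hits:
        by_host.setdefault(h["src"], []).append(h["dst"])
    return {src: {"count": len(dsts), "c2": sorted(set(dsts))}
            for src, dsts in by_host.items()}


def suricata_rules(c2=NYMAIM_C2, sid_base=9000001, msg="NyMaim C2 traffic"):
    """One IP-layer rule per C2 address, any port and protocol, with stable sequential SIDs."""
    rules = []
    for i, ip in enumerate(sorted(c2)):
        rules.append(
            f'alert ip $HOME_NET any -> {ip} any (msg:"{msg} {ip}"; sid:{sid_base + i}; rev:1;)'
        )
    return rules


if __name__ == "__main__":
    hits = match_c2(parse_conn_log(SAMPLE_CONN_LOG))
    for host, info in summarize_by_host(hits).items():
        print(f"{host}: {info['count']} connection(s) to {', '.join(info['c2'])}")
    print("\n".join(suricata_rules()))
```

Rules keyed only on the two IPs go stale as soon as the operators move infrastructure, so treat them as a short-lived detection and pair them with the file hashes listed in this report for host-side matching.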

Targets

    • Target

      file.exe

    • Size

      2.4MB

    • MD5

      f818ed05eb74cd1512f343227aebe261

    • SHA1

      17916ab25c42d4889a78678ec346239430d25a49

    • SHA256

      bdb90c7af0a4383b5d6fbd83c4f9ccdd6c2a80bf396cb1da85fe21ed9c6f0093

    • SHA512

      d7bbe2ff82d94078a3392efbdd54155c1fdbd2dc9df2c5c507a1fba783ae719df4de3e55f37601ad15c6cb0ac882d1c78020732fa7c3ca53e7664c434d658a40

    • SSDEEP

      49152:q2cxGyG6YyxYFuVAm4NQM0Y0VivCwnz/Bkg4UxVkBaFwnm:rcsyXaFWAmncd+UxVkB04m

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with downloader and dropper capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check used to avoid running in certain regions.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
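The two registry-based signatures above ("Checks computer location settings" and "Checks installed software on the system") can be reproduced from a sandbox API trace. The following is an added example, not the sandbox's own signature logic: the trace layout (one `api<TAB>key<TAB>value` record per line) and SAMPLE_TRACE are constructed for illustration, and the registry locations it treats as locale and installed-software indicators are assumptions about where a sample would look for the country code and the Uninstall entries the report describes.

```python
"""Derive the two registry-based behaviour signatures from a sandbox API trace.

Added example; not the sandbox's own signature logic. The trace layout and
SAMPLE_TRACE are constructed. The registry locations below are assumed
indicators for the locale lookup and the Uninstall-key enumeration the report
describes; a real sandbox's trace schema will differ.
"""
import re

# Keys holding the configured locale / country (assumed indicators).
LOCALE_KEY_PATTERNS = [
    re.compile(r"\\Control Panel\\International$", re.I),
    re.compile(r"\\Control\\Nls\\Locale$", re.I),
]
# Value names under those keys that identify the country code.
LOCALE_VALUE_NAMES = {"locale", "localename", "scountry", "icountry"}

# One Uninstall subkey per installed product; capture the product subkey name.
UNINSTALL_ENTRY = re.compile(r"\\CurrentVersion\\Uninstall\\([^\\]+)$", re.I)
# Touching at least this many distinct entries counts as enumeration rather than
# a single product lookup, which legitimate installers also do (threshold is an assumption).
ENUM_THRESHOLD = 3

# Constructed trace: api, key, value name (empty for key open/enumerate calls).
SAMPLE_TRACE = """\
RegOpenKeyExW\tHKCU\\Control Panel\\International\t
RegQueryValueExW\tHKCU\\Control Panel\\International\tLocaleName
RegQueryValueExW\tHKCU\\Control Panel\\International\tsCountry
RegOpenKeyExW\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\t
RegEnumKeyExW\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\t
RegEnumKeyExW\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome\t
RegEnumKeyExW\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{E1A2B3C4-0000-0000-0000-000000000001}\t
RegQueryValueExW\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\tDisplayName
RegQueryValueExW\tHKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\tOneDrive
"""


def parse_trace(text):
    """Parse 'api<TAB>key<TAB>value' lines into dicts; the value field may be empty."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) < 2:
            continue
        api, key = parts[0], parts[1]
        value = parts[2] if len(parts) > 2 else ""
        records.append({"api": api, "key": key, "value": value})
    return records


def detect(records):
    """Return the two behaviour verdicts plus the evidence that produced them."""
    locale_values = set()
    uninstall_entries = set()
    for r in records:
        key_is_locale = any(p.search(r["key"]) for p in LOCALE_KEY_PATTERNS)
        if key_is_locale and r["value"].lower() in LOCALE_VALUE_NAMES:
            locale_values.add(r["value"])
        m = UNINSTALL_ENTRY.search(r["key"])
        if m:
            uninstall_entries.add(m.group(1))
    return {
        "checks_location_settings": bool(locale_values),
        "locale_values": sorted(locale_values),
        "enumerates_installed_software": len(uninstall_entries) >= ENUM_THRESHOLD,
        "uninstall_entries": len(uninstall_entries),
    }


if __name__ == "__main__":
    for name, verdict in detect(parse_trace(SAMPLE_TRACE)).items():
        print(f"{name}: {verdict}")
```

Note that this relies on an API-level trace: Sysmon's registry events (12, 13, 14) record key creation, value writes and renames but not reads, so neither of these signatures can be rebuilt from Sysmon alone; you need sandbox hooks, ETW registry providers or an EDR that records RegQueryValue/RegEnumKey calls.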

MITRE ATT&CK Enterprise v6

Tasks