General

  • Target

    file.exe

  • Size

    2.2MB

  • Sample

    221121-bxyrtsbe68

  • MD5

    2401351207319caa021f02bc2b7d45ec

  • SHA1

    0e7083089e493241928c8944e87502f8ad00dc2e

  • SHA256

    591a56e9b0178fa2b7479ae4e7553bd805e9e7591770f7ca420198bb1a43dc44

  • SHA512

    4edfa0ce810890b3b8225379cde7b385fd5bcd8174fd579ebf7b59252d67ce1bd42082507bf6399a11392ed927631b7f0e62a6832e49ab9517e8087df75e1ae8

  • SSDEEP

    49152:q23L219+B9c/lNe2RhR6YLiipKpaln5UxVkBaFwnm:rWYDmvmYtpam5UxVkB04m

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
