General

  • Target

    file.exe

  • Size

    2.4MB

  • Sample

    221121-cf43ysfc6z

  • MD5

    012b7e3f6bbd5a404825e5172e02d331

  • SHA1

    72b723c50e965b5a4a128697600c625cb5247d9c

  • SHA256

    e6eef8b11f126ab4e60ae44ce18403e0616cfc2765c6a59a16c9d873f8bb21b2

  • SHA512

    bc1d12c387c17fa7efc3c4d0bc080f290543a85013fc58a830da2f469a62c411919b95b780a3670789f26ff1c6fc1bf2054b2b5f5d9290a0740aecc146deb05e

  • SSDEEP

    49152:q2aF7OxiBP1LCbakstWmPDRDiLsgAkOXjqx9MSq6++UxVkBaFwnm:rsNPhCbsBPI6hXjqxlx++UxVkB04m

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6