General
-
Target
file.exe
-
Size
1.4MB
-
Sample
221123-1c2enaaa5w
-
MD5
1b1e74381d2c0a6455412ded11651abc
-
SHA1
ef41d98690bd21fde5776b73b0ba11e0a87d53e5
-
SHA256
139ea83b0623b718a68232eb8a32bae2bec5d244f00302a2478339b5c8d8d9bc
-
SHA512
03c01d36e7c865931bc82afacb0ed75ad8e496c0623de705e407cca161aa200ff826a2dc99b2ae9281bfcc288a0a7184fb58bd772784388f4cb26457696cb503
-
SSDEEP
24576:tizxwTIdOSdnWpUfPWJsK6mrSN7d4r3uJZkLyr9LdxbvDGYgZIY7eCLxYio:GxwxeaKuQBM+AgvxbriNeVio
Malware Config
Extracted
nymaim
45.139.105.171
85.31.46.167
Targets
-
-
Target
file.exe
-
Size
1.4MB
-
MD5
1b1e74381d2c0a6455412ded11651abc
-
SHA1
ef41d98690bd21fde5776b73b0ba11e0a87d53e5
-
SHA256
139ea83b0623b718a68232eb8a32bae2bec5d244f00302a2478339b5c8d8d9bc
-
SHA512
03c01d36e7c865931bc82afacb0ed75ad8e496c0623de705e407cca161aa200ff826a2dc99b2ae9281bfcc288a0a7184fb58bd772784388f4cb26457696cb503
-
SSDEEP
24576:tizxwTIdOSdnWpUfPWJsK6mrSN7d4r3uJZkLyr9LdxbvDGYgZIY7eCLxYio:GxwxeaKuQBM+AgvxbriNeVio
Score10/10-
NyMaim
NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-