General
-
Target
file.exe
-
Size
1.2MB
-
Sample
221123-mvh45sac5s
-
MD5
39bc1703e192b987fc386248a1b5b39b
-
SHA1
d814fc4e78dfba117818859528aaaf6f51b47b80
-
SHA256
917217e609a23bea6a5f3046453e4678e7d6b07311c75cfda71964315a9a8c59
-
SHA512
1bbcca0edf0b2ba9fb6c5d14ff3888efea78981a59511751ba90fab3e8f796e2c3a8e83200eae2801b615afac63985797150a53659338d8c8ae378be53e275d6
-
SSDEEP
24576:tizR7uK8LTFMvGc4bJy0rZM7k0bT21azJP9SXNjNW9jLp3xgZIY7eCLxYiU:GCm4tnrZ/0bT24VkNW9xONeViU
Malware Config
Extracted
nymaim
45.139.105.171
85.31.46.167
Targets
-
-
Target
file.exe
-
Size
1.2MB
-
MD5
39bc1703e192b987fc386248a1b5b39b
-
SHA1
d814fc4e78dfba117818859528aaaf6f51b47b80
-
SHA256
917217e609a23bea6a5f3046453e4678e7d6b07311c75cfda71964315a9a8c59
-
SHA512
1bbcca0edf0b2ba9fb6c5d14ff3888efea78981a59511751ba90fab3e8f796e2c3a8e83200eae2801b615afac63985797150a53659338d8c8ae378be53e275d6
-
SSDEEP
24576:tizR7uK8LTFMvGc4bJy0rZM7k0bT21azJP9SXNjNW9jLp3xgZIY7eCLxYiU:GCm4tnrZ/0bT24VkNW9xONeViU
Score10/10-
NyMaim
NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-