General
-
Target
file.exe
-
Size
1.4MB
-
Sample
221123-p9sy1agd8s
-
MD5
d042c1d9563bec15fa9b4d42c5a9efc1
-
SHA1
e55c427ef95d2be30a3818ce1dfd36be6fa84600
-
SHA256
8cfda84a278b5427942be71112f790b91b29fd782e8a462a37b5f8194bf621a2
-
SHA512
7047bca31534b566c0102fc48f3680db97e1aa0fa77bb73497b3b933b03bc2a38ad541723afa68293cad63a4a9793fe33cc8bf0d2f725bb3bae75cb1b1c39733
-
SSDEEP
24576:RizWMMGW2twZ06yojH+D5v5+5+6ilkGq7aKTIopzZIHafeTIGCz37jJOt4TJKbAQ:6rL96yPm5+1STIopzZIHafeT30cuhNeZ
Malware Config
Extracted
nymaim
45.139.105.171
85.31.46.167
Targets
-
-
Target
file.exe
-
Size
1.4MB
-
MD5
d042c1d9563bec15fa9b4d42c5a9efc1
-
SHA1
e55c427ef95d2be30a3818ce1dfd36be6fa84600
-
SHA256
8cfda84a278b5427942be71112f790b91b29fd782e8a462a37b5f8194bf621a2
-
SHA512
7047bca31534b566c0102fc48f3680db97e1aa0fa77bb73497b3b933b03bc2a38ad541723afa68293cad63a4a9793fe33cc8bf0d2f725bb3bae75cb1b1c39733
-
SSDEEP
24576:RizWMMGW2twZ06yojH+D5v5+5+6ilkGq7aKTIopzZIHafeTIGCz37jJOt4TJKbAQ:6rL96yPm5+1STIopzZIHafeT30cuhNeZ
Score10/10-
NyMaim
NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-