General
-
Target
file
-
Size
1.3MB
-
Sample
221123-pf8glabc86
-
MD5
40a441dbadc44139a05155ba53b1a150
-
SHA1
ed621159ed478e6d9186164f4637315a110273cb
-
SHA256
04dbd463c557af8dd3c6354882561a5b65add1049b7fd80d2af01039c07e8da3
-
SHA512
8b4664715fa5deb48970b6b973991a2656be8a320d60a6d6a0fef4a54874e220a3f3a52af98c507693e48ca00e05b7f85deb964e7cc4938a8bf450dc7c9a1ab1
-
SSDEEP
24576:9izS+osa1CiPYheFMyL4h3umkG4i7oAMLKxFYM2utj1g1iwpZjNuf5OJYgZIY7ee:W1osaoiP80dQePG4i7dMLK/YM2ojyik9
Malware Config
Extracted
nymaim
45.139.105.171
85.31.46.167
Targets
-
-
Target
file
-
Size
1.3MB
-
MD5
40a441dbadc44139a05155ba53b1a150
-
SHA1
ed621159ed478e6d9186164f4637315a110273cb
-
SHA256
04dbd463c557af8dd3c6354882561a5b65add1049b7fd80d2af01039c07e8da3
-
SHA512
8b4664715fa5deb48970b6b973991a2656be8a320d60a6d6a0fef4a54874e220a3f3a52af98c507693e48ca00e05b7f85deb964e7cc4938a8bf450dc7c9a1ab1
-
SSDEEP
24576:9izS+osa1CiPYheFMyL4h3umkG4i7oAMLKxFYM2utj1g1iwpZjNuf5OJYgZIY7ee:W1osaoiP80dQePG4i7dMLK/YM2ojyik9
Score10/10-
NyMaim
NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-