General

  • Target: file
  • Size: 1MB
  • Sample: 221124-x8f7tahc3t
  • MD5: 588d3553e92a37f1d0a0d8ce5a4f2f16
  • SHA1: 05a10895f582fc0c0aa48ab86cc071812e8bdd57
  • SHA256: 7bda6240ce9a5046aa330b33ea767f99ebc62548067947befcc86c4e38eeb82d
  • SHA512: bf14f5505c4ecc51c14d06ac151981c757aee4c0b6a17f5484b1f17df62ae693b9a291d9136cf292122fe2930b53a4485bc3d2bbb3f4965d3b99068b1e4b8901

Score: 10/10

Malware Config

Extracted

  • Family: nymaim
  • C2:
      45.139.105.171
      85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation