General

  • Target

    file.exe

  • Size

    2.0MB

  • Sample

    221130-1mnljsbh5x

  • MD5

    1106918671a5a8cbd825cce7887d726a

  • SHA1

    da66f36a7b69e3d09d02199a69e70eed4bf725ef

  • SHA256

    1a7158c6bb7ba6014ba36e5b868e261abffb551d02748ad21f6cc179c2fbe44e

  • SHA512

    64116e427526134e38d67df4ee2c34e6251a541b1ec123b9eb2dfdb1bca8975f083fbbdabe398b55347fa6725945fce3f78d65f1d9d35e90a2e1de8336b0bfb1

  • SSDEEP

    49152:8qiNbZ/6/bMkI4EM+n/mMDrqvek8trZrApNAG5cyY:8TbZf7U+n/mMDrqv58trINXcyY

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      2.0MB

    • MD5

      1106918671a5a8cbd825cce7887d726a

    • SHA1

      da66f36a7b69e3d09d02199a69e70eed4bf725ef

    • SHA256

      1a7158c6bb7ba6014ba36e5b868e261abffb551d02748ad21f6cc179c2fbe44e

    • SHA512

      64116e427526134e38d67df4ee2c34e6251a541b1ec123b9eb2dfdb1bca8975f083fbbdabe398b55347fa6725945fce3f78d65f1d9d35e90a2e1de8336b0bfb1

    • SSDEEP

      49152:8qiNbZ/6/bMkI4EM+n/mMDrqvek8trZrApNAG5cyY:8TbZf7U+n/mMDrqv58trINXcyY

    Score
    10/10
    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks