General

  • Target

    file.exe

  • Size

    2.2MB

  • Sample

    221130-ygzqhshh75

  • MD5

    123f79577632ae3c0652c501f79f1b0d

  • SHA1

    cb72645e7e86bf1a2b6bb468ec5838561ddd4b23

  • SHA256

    512905a4eba1e84301c0bc842bc18644ab3aa1dadc71ec08e0ebe02ae2c31970

  • SHA512

    f02cac2ec1185db3c36ce30a00f2745e2d0927d9dbb7da483c6c3b573369f03ac96c07adc166e2bd67da0dbe7654b4c6df88d6dc0b33db6a0846903915f0ca37

  • SSDEEP

    49152:4JPC3kCj9fvuW6J35wuTBp+fH3Dif7pwyqRg6VAG5cyT:4c3d5f2B35NpUQUg6VXcyT

  • Score

    10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
