General

  • Target: file.exe
  • Size: 2.1MB
  • Sample: 221201-aayb4sbf9z
  • MD5: da2100496a833c47e2d6e84e724e85dd
  • SHA1: 3d64802e7cc72f032a68848808b6439f979505c1
  • SHA256: d1db6c96b89f0c587a9b170b56b1244e6afdf1a13cae98e80498d5fa6df05678
  • SHA512: e0554e98006c52b4df95caab18aeffa306426b2b91c2e304f1ff0ac95a86c0cba271780144323dfeea81cee712c28e44cb8dccf9f8764edaa07fbf644b17720b
  • SSDEEP: 49152:spGKNFstFOEjCe3OrGo/PgdRYTXzf3UYwnyAhAp8HIs3S0GyuBpCwHsAG5cyM:sdFsrZ+r34AXzf3lAhRo7yuBptHsXcyM

Score: 10/10

Malware Config

Extracted

Family: nymaim

C2:
  • 45.139.105.171
  • 85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks