General

  • Target

    file.exe

  • Size

    2.0MB

  • Sample

    221201-crbksaad7t

  • MD5

    3f919c7dc57233bde4831a7045fb8e39

  • SHA1

    fb4664e679d200d789a51c21b981693dfda4967d

  • SHA256

    076bcea43325946a4031e48f39bc284a43eb3ec4d1d42cceb09a505b898eed7a

  • SHA512

    099a34a904eb56349b59273063c347528ab55cb4666f42f3b287f481c16830173a5081e4305008bcf5e3fa30286afe5bd9aa73d633237194b97ae879cdd274e2

  • SSDEEP

    49152:c/KSRwr+eVeIv6cbwb91pn/5Sead08DnsnwL/PsCIhY2AG5cyr:cbRwabIv6cb69r/5SeeDIkcCIdXcyr

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
