General

  • Target

    file.exe

  • Size

    2.1MB

  • Sample

    221201-jcz36abc7y

  • MD5

    2554c5c90724c03556f37435342b8efb

  • SHA1

    0ca7e89fab812cd7e8665b3dfc452948571cbe37

  • SHA256

    073a6ede0805554f3ec2a28bb3176091fc783405e8380ebbef9a0d7b5d590147

  • SHA512

    05d710cb70cb5cd68157e34baa677554e263fd0b4ef6c9194c2990c1fa9f675c6d349eac7e2790aa21b7fc81986c6194b184926e36b276dd527352a2cd39c498

  • SSDEEP

    49152:8S0vluBzNvDonrHckSq4TJX8+DiIXuvNwgAG5cyI:8vvIBzNv8nrcrq4TNLDXXuCgXcyI

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
