General

  • Target

    file.exe

  • Size

    2.1MB

  • Sample

    221201-xzz9bsce44

  • MD5

    9803e2a1e01f15af790ec646c16b87b4

  • SHA1

    ff4a9e1086f02da8ce82742987236342506ec99d

  • SHA256

    4d5da6ebc46c453875ab46dbe3c4936e9ba0f3a8344764cd1177f7413ad49c10

  • SHA512

    d5e7122f67179c35396722633c9a2052ef1bfadf38b3aad83e31b05ba4c7ade8d0d22511514661867dd0489f304efbfa62ce8ccc2bf612da898581c761dff0be

  • SSDEEP

    49152:4nqHtlPp2QwI1UIfBeR8tTnId6Dhz85Vcd8DmB8/IFwdBAG5cyE:4nm/2QveIfBemTXhzqVcd8DmB8/ImdBQ

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
