General

  • Target

    file.exe

  • Size

    3.6MB

  • Sample

    221203-nw95paga98

  • MD5

    fecdaebf9020c9761d7826ffc4c7b106

  • SHA1

    620779087a44052557ee84287e8dc5eb393b3295

  • SHA256

    b567ca13681a6e3bfe04781ca7e266a26a24a29c2dff05e3d99adb1cfcd7acf6

  • SHA512

    b3aa1b2dbb029184d936c610ffa33abd1186de9a6bfa78372541f3bf9799fd3f68f36b8634a34ac112422ba9ec5c1608fd07325057fcf17b0aaa25d756b53956

  • SSDEEP

    98304:MFBp2/zNzoEzD26nzrU4lfwjyA3Q07D7p9CXcyM:2grNzZbM4lw/Q07uXcyM

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
