General

  • Target

    file.exe

  • Size

    3.4MB

  • Sample

    221203-rc9atsbb31

  • MD5

    4c76aea0dfd8d8806be0642452448adf

  • SHA1

    2dcd97c170849fc881e6ca14d8ff27e53fafb495

  • SHA256

    26e3e14dc540c4a43f55e3b64c304db0d7058ab1c3dfd6a8e447963321e0e202

  • SHA512

    c983c31bc420604785c00411fad60e9b225f77cf0f942236e987261b5fada5b1422a81a11a9f3f4a8fa1f72d9c61d20cf4c72f8096a4accd1c40d9a40aae9e4d

  • SSDEEP

    98304:g1UUCseN4ctX3TgbwPwaakQCgwTz8XcyT:5UCHtX3Tg+e7C7kXcyT

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware written in C++ with various capabilities, first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
