General

  • Target

    file.exe

  • Size

    3.5MB

  • Sample

    221203-x8yrvshd88

  • MD5

    109d08799ddbd170eead4aaea98f84d8

  • SHA1

    dc1b1fabef19e8f6c3b558c34059bcac39f32074

  • SHA256

    c0f12cf3cc2030141227a7a933042a0b2e423fcc010ab5da08465afd2ab8c638

  • SHA512

    0c5171d40fb4fb991ab2fe3a3bb312e0c7d5c9288dc89e9ae24eb7ed9ab10000f428a00f7eff0d2513c03e710b3da8e3707354e1c60450c1f4f22993924ffc93

  • SSDEEP

    98304:w9JibmE1rENfbATTB4ZvoYGl28o5+D2KEXcyM:AJibBElETTByvomEyKEXcyM

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks