General

  • Target: file.exe
  • Size: 3.6MB
  • Sample: 221203-zapseacg85
  • MD5: 71a05e63b25e5e04d8677db86305b8a0
  • SHA1: 1b165b19942c1c0b4f66a8a4f01233e637919fb8
  • SHA256: bc35d994336209efc78eb210c7d8a63c123406b63fc4d71c3037224b295490b0
  • SHA512: 434322c488fe9bfc833a53ca87f40640ebe186bb8aea280ee222ac13f464b8ce339bcf01d1d279bdd1bc439f51769b0262c8d20f380b9addd0386764c0a72724
  • SSDEEP: 98304:MBD9aBkA8Bg9znbpZyfHbQoTEe04VZXcyK:A0BL/9DlZyvsve04PXcyK

Score: 10/10

Malware Config

Extracted

  • Family: nymaim
  • C2: 45.139.105.171
  • C2: 85.31.46.167

Targets

    • Target: file.exe
    • Size: 3.6MB
    • MD5: 71a05e63b25e5e04d8677db86305b8a0
    • SHA1: 1b165b19942c1c0b4f66a8a4f01233e637919fb8
    • SHA256: bc35d994336209efc78eb210c7d8a63c123406b63fc4d71c3037224b295490b0
    • SHA512: 434322c488fe9bfc833a53ca87f40640ebe186bb8aea280ee222ac13f464b8ce339bcf01d1d279bdd1bc439f51769b0262c8d20f380b9addd0386764c0a72724
    • SSDEEP: 98304:MBD9aBkA8Bg9znbpZyfHbQoTEe04VZXcyK:A0BL/9DlZyvsve04PXcyK

    Score: 10/10

    • NyMaim

      NyMaim is a C++ malware family with a range of capabilities, first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks