General

  • Target

    7ba8d19d4993dcd784d73a1338bbfb82.bin

  • Size

    2.1MB

  • Sample

    221204-j7ncvabf43

  • MD5

    7ba8d19d4993dcd784d73a1338bbfb82

  • SHA1

    7416d4d5c976a0bfa65c56a21d2d19a98127eb80

  • SHA256

    dd04d3749d62e11204fa93e6b537fe124b4e94bec5e773fd4355e5f33d15600e

  • SHA512

    644127349496a3c7af4a0efd5529b30b23da79b4ac313e69254b1a82dfee385a4bcd2d92677faf3a4c4fd1308b27f48c73f9d2ff0370d1cbb80cbd80258822e1

  • SSDEEP

    49152:YRVgvQS8aKmM+GLVeBUymEdcdpSEPKyojQnqcrAG5cyl:YAnRMX9EdLxyoyqGXcyl

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      7ba8d19d4993dcd784d73a1338bbfb82.bin

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
