General

  • Target

    file.exe

  • Size

    3.4MB

  • Sample

    221204-jmqx8sdf8s

  • MD5

    cb1e919aaa4a34f22f05648d4958fd33

  • SHA1

    843552ffec560600f936d89e4644fd4765c368c8

  • SHA256

    ad5f860da1b29a57efbaa6ea16dffd5d4212cb4055ead909f97a7f66f0fcc7a2

  • SHA512

    c229128f489f015a11ba02e44933852456e043b0d1ec77cb6588cf9339012df66409c81c4f878bd22fb660bc5e2927c7631c842fe64d70f16791fca063d64dcb

  • SSDEEP

    49152:8RJP89c/VvvHVG0KWMkPrLCRBEhlzYn0Gs1oGonLs4sV/WpJBrTWcPuwoV4JSSMU:8RWSv/ElknaBMwZL0VOpn/Z2J5ZrXcym

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks