General

  • Target

    file.exe

  • Size

    3.4MB

  • Sample

    221204-kp29qagh7x

  • MD5

    9660adf8bb455dc1b040ca344aeb4c0d

  • SHA1

    5bd5e4bdcefdc374fe002d155bf692b1a563b3ff

  • SHA256

    beec3d0d12b4b6cb2eb5ca51d4772c7fb06545cf04b89d84acaf921ae61d0c04

  • SHA512

    bdf745297daf366eb74eca1e618b4890099fce759c2bbb4afe2d5ea4edafa2fd1d5dcb8898aa6c8813bad57a40c185bd2f1652e18bbf0aa29093c9aa0a5a83cf

  • SSDEEP

    98304:wyZ3Kkrx4pqr67wSxYdgQKu2RS+Dvik/XcyR:TdxhYLxYjKhRS+Dvx/XcyR

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks