General

  • Target

    3c868367d2fe2bdda3f38fdc739069d9ed75020747c1170b6433f5563d8c51dd.exe

  • Size

    3.6MB

  • Sample

    221204-meyjwsea4x

  • MD5

    0b48282146973d481e004851373bbdaa

  • SHA1

    69efbcffa4e2fd1dddeef601fe3deb8a5c3b89df

  • SHA256

    3c868367d2fe2bdda3f38fdc739069d9ed75020747c1170b6433f5563d8c51dd

  • SHA512

    bf6b8890f64f9cd776f6c85416cb2909a37c44f0de48c766afc1c6e49ff101463a829bc149f38c34f997c8e911ef1db8fe19323ae5a7ffc2aceed2babf2488da

  • SSDEEP

    98304:M0wrTdXZkB82HO6qmWqY5HtV2radOLi/WUEShiclpsXcyr:Hw/dIrTqzqY5HrKaOLA3B3sXcyr

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      3c868367d2fe2bdda3f38fdc739069d9ed75020747c1170b6433f5563d8c51dd.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
