General

  • Target

    file.exe

  • Size

    3.6MB

  • Sample

    221204-n6weaafh32

  • MD5

    64e81c27cf721c8228490805112ee2e8

  • SHA1

    2126d0bdee52a7e931f6e4d572ab316718c52f6c

  • SHA256

    fb382fefc89c34a38a4f387bf0124d944077032cc6589595b13c3e87612365a1

  • SHA512

    8f918297cd4dbc41d86b7c76e689f980a73af7d4bf5f5b3f8a2825725ea3c64dd9c37febff22bd696592f96b5ff6d243ef2a04027a31895755446d3f6335538e

  • SSDEEP

    98304:MSh+eUmxwpZRWS1SQPjJgtIBdICzknCEr7Xcyw:DhdtSXRxSGjJuIB+CAnb7Xcyw

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
