General

  • Target

    8e4d60fbedd0fda50ffe79d2ad1831790d0258d2d421acb942100e40d2ae0253.exe

  • Size

    3.4MB

  • Sample

    221204-n8lymabg3w

  • MD5

    3c4f62e575eee7954b28d9195a1867b4

  • SHA1

    74fe05ba5b7767e2df691cd5d8a8528cc860e724

  • SHA256

    8e4d60fbedd0fda50ffe79d2ad1831790d0258d2d421acb942100e40d2ae0253

  • SHA512

    ed52afab1bde2fb7f4a59578e1a35ce56ad69a36cddb7c9eaad78a7aa1f9da563037252c507da711398e06e0bf6736401a833bc2b0f2a25c7bd2d4f7cefedd3f

  • SSDEEP

    98304:IX3/na2FU1sDpkVZwEUtBmuJsWTftRozfJ2PAEqSldBv/yFXcy5:4fDcsDuwqRdU9qikFXcy5

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6
