General

  • Target

    file.exe

  • Size

    3.4MB

  • Sample

    221204-nmp36ahh6w

  • MD5

    d202899dd6c6710340b9139f8af18b76

  • SHA1

    9c3caea0839f7c4cc5c32845e49bda30c2a66149

  • SHA256

    6e14cf6d7604533cd5df94403470a9301f3b179df16c6cc8050b994ce5cd42b8

  • SHA512

    88102a337967527c73744f495f63a2f2ece10eac69cc3c00dea9e0b783ddb929eb43704d35df80835f7ecbfb11c62776d0c86aadaaa0645858df1b28dffb394a

  • SSDEEP

    98304:wekGaSdxYQFvN//mfMXvhad0EwOHdAQB7HXcyp:dtZ2E//mfMK0EpdrB7HXcyp

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
