General

  • Target

    2f92ffe52158587d6e9d88114ac342be60d625f3977990185827ec202e9d049a.exe

  • Size

    3.6MB

  • Sample

    221204-p1jzqsec2v

  • MD5

    519f7c13edc48674c9ac115050b84aa6

  • SHA1

    0395d75e4ae8d4b7caccc908c227a16f116da80e

  • SHA256

    2f92ffe52158587d6e9d88114ac342be60d625f3977990185827ec202e9d049a

  • SHA512

    b09c28b2d29be4f7b833479e84b9682200215046a5caf94a892eb71eb16ce35acfd80c67d9fa95ebf16ca274dca95bf6a0dfa57fd579103a277fa02e86cb2aa4

  • SSDEEP

    98304:Au4g5lq1Obh2oT4YEQCw5t/zkAVefBHreIwedXcyK:h4g5QzK904xkzZihedXcyK

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
