General

  • Target

    file.exe

  • Size

    3.4MB

  • Sample

    221204-pqmmwadd31

  • MD5

    ab5e7c1d0eebeb03f8293445dfcd9e3b

  • SHA1

    24cda21bde7aaa658e0d4c36919c116b0e274b8b

  • SHA256

    0f8b3a01f8ac147ede37b898b829da2f11807946a97a7689cfe3455a8edf1501

  • SHA512

    76c24eedce49ec139c1f4ddc0c5eebbe7c48aa4937c742aad93522a70a9ea999dcee59b613463bc901cb4f9b8205fc404536e695e1b5d9b5bd3bb5708addf4a4

  • SSDEEP

    98304:wapeY0D3IPQHw1SERVWb/F9eHnXAuJfbtixohuLXcyo:Jv04QHXIyd0nX79b8xrLXcyo

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      3.4MB

    • MD5

      ab5e7c1d0eebeb03f8293445dfcd9e3b

    • SHA1

      24cda21bde7aaa658e0d4c36919c116b0e274b8b

    • SHA256

      0f8b3a01f8ac147ede37b898b829da2f11807946a97a7689cfe3455a8edf1501

    • SHA512

      76c24eedce49ec139c1f4ddc0c5eebbe7c48aa4937c742aad93522a70a9ea999dcee59b613463bc901cb4f9b8205fc404536e695e1b5d9b5bd3bb5708addf4a4

    • SSDEEP

      98304:wapeY0D3IPQHw1SERVWb/F9eHnXAuJfbtixohuLXcyo:Jv04QHXIyd0nX79b8xrLXcyo

    Score
    10/10

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks