General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221222-2fc2xaaf2y

  • MD5

    f79379dd74200f24a5b29355c4a98780

  • SHA1

    4507a067f45674d621d48f1a655be32a1f6b24f4

  • SHA256

    cfe33a88d906c64ae91117ab5437d5d28f718a211c2f4f3cf79317af241ec125

  • SHA512

    bb9bdbf3f5aa49aec5740e9ac14d7c864ff09106bcc23633413d2ca90ae5ab0f1eb24c2c53604efaa006578f5c7b06629df1fef84d568d725530eb2c0f43b5df

  • SSDEEP

    49152:bfxxknvGzoKDXVZgmLPYnRd5DkOr7f8L7GrAuWP7p3r:bfxxkqoxnXf8L7sAuGdr

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks