General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221222-n6wp2she9t

  • MD5

    027a948a1bd4eb13daa92a7a43dc98c2

  • SHA1

    da589e983792ad3898cf9d8830736f765732fa8c

  • SHA256

    8acb2cb71c60067eb01c14ef322375bfee631d51a2f45d56765cbc03b621199b

  • SHA512

    d0c01cb1ac230f9d2a298f1769b4901dacf0f9619194e1e502a857768154519d1b4ea23524daa83be363852d569605bee0a3ae2b7646d12704b425e135163843

  • SSDEEP

    24576:wizJwUcQaz1ot8ZjOO/1f9JnLda6J3VkEphSXUjmHyEG5oTwhHCgZm+3WP7bNESB:7tc/9jOUfV7RGUjmHy35ocPQcWP7p3F

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
