General

  • Target

    file.exe

  • Size

    1.9MB

  • Sample

    221222-pqlqksed92

  • MD5

    948371c4741684fe490345a9fb3724bd

  • SHA1

    0a4f2d693c0d9663f875ab8f661fa1aa23cac9f1

  • SHA256

    b24c99961f8418b40b4e73c15b7f8f263b7caaaa94fd52442d2cca2e378fc680

  • SHA512

    ac99476d922dff11ffaba6a4dc314f0d2d48233a88c853939cc59effdda2d0b694ab65a7f5697438be8d7889ed0b046ed2a9207bcd5af5f3016c185608f065b7

  • SSDEEP

    49152:zwQv2/Cl08TOoJ2ixHp+sbTPVBMlgMYpMGybWP7p3N:zwiaCl9O4NNFBqYq/GdN

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.9MB

    • MD5

      948371c4741684fe490345a9fb3724bd

    • SHA1

      0a4f2d693c0d9663f875ab8f661fa1aa23cac9f1

    • SHA256

      b24c99961f8418b40b4e73c15b7f8f263b7caaaa94fd52442d2cca2e378fc680

    • SHA512

      ac99476d922dff11ffaba6a4dc314f0d2d48233a88c853939cc59effdda2d0b694ab65a7f5697438be8d7889ed0b046ed2a9207bcd5af5f3016c185608f065b7

    • SSDEEP

      49152:zwQv2/Cl08TOoJ2ixHp+sbTPVBMlgMYpMGybWP7p3N:zwiaCl9O4NNFBqYq/GdN

    Score
    10/10
    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks