General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221222-pzmn8sed96

  • MD5

    344803145691aecc92e68d9dc7c43474

  • SHA1

    9f4eb88e627cad53ded56dfff05c768e29b48773

  • SHA256

    ed8d10a0c2ba46ade43d6eb32366a18a088cd1bf47094a83eadea9b104f6d454

  • SHA512

    9b4f10bbb78b98e9e9f95305ab18a1d09508950042a5c6f8101aec329d620eb123ccb4bda382ffcaa67d25394ceb510e5d41859411ae3fb3c1f0f2996b6f4373

  • SSDEEP

    49152:HDtRhFSGlt2E8fDVVmEbPStFqE7m2XAmPtWP7p3D:HbTSTjLRVuPtGdD

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6