General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221222-q2y1qahf7z

  • MD5

    401f3a48c00c079e68970adce3d21d1e

  • SHA1

    db9f1b0b9c3477ab69f4533d5fad80fc42adea62

  • SHA256

    fdac8ed0fc9b1b3c22220bca4ce895de744dea7604674ae340e87384f076a46c

  • SHA512

    432fb51366cb92295ebad6a3533665c5cc7d5f5b53c03f0bed89533b58faa9935ebb2b1525f64113a28c162dd5b0735a05278e6f3816a777bf6102fd887b9d01

  • SSDEEP

    49152:P1swpjMTj/R7GFbtyQjs8g8mXEtUWP7p3J:P1Hej/RiQQjPgRZGdJ

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
