General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221222-r5vm5sef56

  • MD5

    a82cbb5876db9b912555ef1e94d9204d

  • SHA1

    4ba3c570c9b63202d416326a0c40ff10bf8de838

  • SHA256

    c83a0e91d3afaf592a1da7f6afe241eccdd3e42992de8c87935bb59f52422293

  • SHA512

    4b812e6fc166c6687049735d0fd3bfe7b1174b79d3ba489fcf409e63ab5beb8b5760ea240c01e3987e16c7de1d2f1917a656c16b0b29f15bc9257b0e480fc8de

  • SSDEEP

    49152:rl8gdZxhgHxY112mCoF7k8AjZHpJiAyXoWP7p3l:regdZHgg1QBDiqGdl

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.8MB

    • MD5

      a82cbb5876db9b912555ef1e94d9204d

    • SHA1

      4ba3c570c9b63202d416326a0c40ff10bf8de838

    • SHA256

      c83a0e91d3afaf592a1da7f6afe241eccdd3e42992de8c87935bb59f52422293

    • SHA512

      4b812e6fc166c6687049735d0fd3bfe7b1174b79d3ba489fcf409e63ab5beb8b5760ea240c01e3987e16c7de1d2f1917a656c16b0b29f15bc9257b0e480fc8de

    • SSDEEP

      49152:rl8gdZxhgHxY112mCoF7k8AjZHpJiAyXoWP7p3l:regdZHgg1QBDiqGdl

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks