General

  • Target

    file.exe

  • Size

    2.0MB

  • Sample

    221222-rk5bvahg2z

  • MD5

    7774b1412fde70b6366c86f21cec6fc7

  • SHA1

    a737f4580baca07d44ba90bd035dafd7c341d38d

  • SHA256

    56de6d4d2e9dd65ec5f7c9e4a053629ef7b743e497c07bb63583a47268ed0124

  • SHA512

    95f48a1d4e761e17c036467a2b65e677283e12a0136fd7618339c671319c3b382196637cb2588a8cb0f49863b47484b325ef73d407e70c36c1052f26abbc8b78

  • SSDEEP

    49152:7eOFzIfjk4vpLyR1nwRvGTTBvuJghLVQYuWWRQ9gCG1wlWP7p35:7eOFzAhZy7DfBrgEAQ9gdeGd5

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks