General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221222-s8rlbshh4t

  • MD5

    09527e5e0dfd2005e614589f706a3be9

  • SHA1

    dc37c2ce1c15df5c61eff3214b0d98328b12ae5e

  • SHA256

    4182e3c07ab176104c06195321dc88d6fdcd3c93a5cd659c06bb80d4b69a9949

  • SHA512

    ef17d0d3458e222d1fd555d1adcd81201f89c0cca40dd61f279ede30198603291670479a4a95cb576eeddad447018b1bcc61d8eb7ae11d3bca842db9b283d144

  • SSDEEP

    49152:bs4wgJerq+XEDKoSxGiAIuMjxjDT2WP7p37:bBSU+otdfMjxz2Gd7

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
