General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221222-trclhshh6x

  • MD5

    e720266cceb5c324df0c83e10486dbbc

  • SHA1

    a7bf15ee2c9e79295ba577b8d936da7ce0bbef34

  • SHA256

    b5c3cc65f7ae070170306bc983966fdf3f27d588c6eae50eae0a3211fb89b814

  • SHA512

    2b84941aea678ddd4f8caa26fced6433f177be9246d034855ee41be41a5ecef73b3a8ec7d057d078c3eb3e5278a8f84b1cd32c0ea1011c9440240f0efeb6d075

  • SSDEEP

    49152:b/ogMyuUK7f18nfX0U4KQ26gTiYfEineUdZvAo08ugFYVWP7p3q:b1JuUc9IfX0UXQ27nHfAodlEGdq

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.8MB

    • MD5

      e720266cceb5c324df0c83e10486dbbc

    • SHA1

      a7bf15ee2c9e79295ba577b8d936da7ce0bbef34

    • SHA256

      b5c3cc65f7ae070170306bc983966fdf3f27d588c6eae50eae0a3211fb89b814

    • SHA512

      2b84941aea678ddd4f8caa26fced6433f177be9246d034855ee41be41a5ecef73b3a8ec7d057d078c3eb3e5278a8f84b1cd32c0ea1011c9440240f0efeb6d075

    • SSDEEP

      49152:b/ogMyuUK7f18nfX0U4KQ26gTiYfEineUdZvAo08ugFYVWP7p3q:b1JuUc9IfX0UXQ27nHfAodlEGdq

    Score
    10/10

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks