General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221222-v3p7esaa51

  • MD5

    eaac4379938fc8027c97ec76d3edd35b

  • SHA1

    52c3e9ea44ab0d20cee2728ec880e8243670e201

  • SHA256

    d53a97dc7e1d7ab8c5e11406617184cca034f6fff8f570c23972dc47e922b0af

  • SHA512

    2a9420d1f1031376a8361718309e1de56c4b78bcee793f7860cf475f6a0e9d39d7541ea1783772629c5e03a13bb8bd917d7b00bf44c1998a053033f7923e177f

  • SSDEEP

    49152:bv2f289qq1Yo/qQp+9gvdFGuBpKAvyOHAoWP7p3t:bvn8owbw90dFbMAvyq5Gdt

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
