General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221222-va38kshh9y

  • MD5

    cb0ead25146361ce3e9504702e0b2275

  • SHA1

    bd39e6edf3269b26c4a3a1a27fece855d6e9e526

  • SHA256

    09342b36a9592eacdf7189757e1527bd59fd2f096c46a11a7270d87f280232f6

  • SHA512

    d6f81cad4af928c11145bb60053da558451c971d6d06ed1246c6525048503e5fd454312084279f14948be586e8d995a184e43b682afaddbd9ae5d5bbc36e372a

  • SSDEEP

    49152:L4I+qI3xH94NGY4M1JPAQ4Zm4rkzAEjjyEWP7p32:Lm3xqN53Pj4rifyEGd2

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
