General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221222-vjjkjaaa3s

  • MD5

    6eea3379af1f90b861464f276070a8b8

  • SHA1

    17a8a37d0d733791ca135ca5f8a33d20949356ee

  • SHA256

    7dd134b5450749d4b8daa421e0f3596ec0070be90ba356d7403e813ec841a7ed

  • SHA512

    54ba5191119591ba845d4fd26e014cb6aeca65a9555fd22a274a85045b346b0d738aae9ba2c3ffbc7833ae12f4593060262b4db3814fbfac8b858c004f502d2c

  • SSDEEP

    49152:rbTgnyiIyyQ5rMw8o0ufaC7DUMP8f+nUj1tdWP7p3Q:rbAC8F8ts7jPnsdGdQ

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
