General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221222-w52tnsab3z

  • MD5

    5082fecb3c6914319599569dfd39c5d0

  • SHA1

    9d4d4352591f8a8dff4e83525144e9ca0179102c

  • SHA256

    18f848cc1b3e09658d54582ac5a608fbe611a35e889b41e1c81affdfd03332ee

  • SHA512

    603735246e1be063eda510601ebee6b3f27a4467be72fcb21e848ae55490849e14aa1d96359a1124751522baa7b198fe4f4dc32976c79023e5a6df3e6744cef3

  • SSDEEP

    49152:jB+qaR4HwAysl11vsEylhDY/ig/87EXN5fWP7p3E:jB+qaRFE1UESZY/i9EXN5fGdE

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
