General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221222-wme7ysaa8t

  • MD5

    f69e1ec6fc5824fb20aa02ddcd44848f

  • SHA1

    35832eb21c14bc2968b29455bfaf36739a94f5d8

  • SHA256

    ecebdfa1b231344e01e2910d0628ac8d282c007999f493ef39f9ce960eec2afc

  • SHA512

    88e857dfec87c88acab286df965eb871b0f4e90bbb0d7dd4ec0f81aa370220283761afad1d5d70c635a44f2bc6b136c49e66e520c68e68b13acaa1bd7e44c352

  • SSDEEP

    49152:LirS/rAiVOJRRRRUCAQGuUZFnucLihL+lULWP7p3N:LiuD9VOJvGQMF4+GLGdN

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks