General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221222-x8cvdsfb23

  • MD5

    81fcd343235a0e0571207d59e37d1ed5

  • SHA1

    f6a85a526dc200693b295f8b83db7bdfe3b61123

  • SHA256

    95e1588c6d8eed966be0ebb335165342895ad5c776e75f19c63e7b769dd7ea48

  • SHA512

    62605d0bcf3b6bf6334b5fed63e04d4447bd7175af8480db9b37358c61406ae9095d0a6c9cb62c05ac032ebbc5ef19dac5210c72a89600e4eab36549f4facd4d

  • SSDEEP

    49152:bVcYs2wz+mtXXwPh9wjMtPBHUzEZlfDWP7p3s:bVcYaaGnSnwMpHUzEZlfDGds

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
