General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221222-xn7t2aab91

  • MD5

    579f197eff9d9ac201f6c2a379c7e372

  • SHA1

    b9ed7401c75d55aabd427ea138ae58eafe8842fc

  • SHA256

    46092a14135e95be58018316818e0d1daa983aa373737d717b5ba5715ffd36f8

  • SHA512

    43fdef6c63ef78dedff99bb56dd209e829ca40c27aca9661ba4e53e46206c985ed6e8342e5bc96762f04389a2cb868ed82ab70060d0d7612c3f924871e8d1b01

  • SSDEEP

    49152:PYXZoph/uwpnQdvfyo43KyliFMTwSrwprT1V4GQWP7p3Q:PY6n/PlInUKy8FMTwfrT1V4GQGdQ

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
