General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221222-zj95psfb73

  • MD5

    5a91d2b37cae68aa291131d1d52ad7b3

  • SHA1

    168c94495951bc94d28a2e1f1a47866845b991ca

  • SHA256

    d029ad7d60d3fcbb3f8b59f2b0dd58f5be27a3135ca2549fffacf16391376a35

  • SHA512

    1ded849875d72b04fbb19c426d947bf26b8aeeabe1719d50818dd5a7c561aed49d32c077a3483bde21c92f2c7107ef65967ed88ac0dfa51f7163c84bdf38aca2

  • SSDEEP

    49152:zz8fuPahMmD3IPLlir/T8s/AKkyC6YJx5YT6N3+OzWP7p3Y:zz8fyy3IPxOT85KCvdYTYzGdY

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167
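
The hashes and C2 addresses above are the indicators a responder would sweep for. The following is an added example, not code from the sandbox report or from any nymaim analysis: it copies the report's digests and C2 IPs as constants, hashes a file the same way the report does, and matches the C2 addresses against firewall log lines. The key=value log layout and the log lines themselves are constructed for illustration.

```python
"""Sweep for the indicators extracted by the sandbox report above.

Added example, not part of the sandbox report: the hashes and C2 addresses are
copied from the report; the log lines and file contents are constructed.
"""
import hashlib
import re

# Digests of the analysed sample, copied from the report's General section.
SAMPLE_HASHES = {
    "md5": "5a91d2b37cae68aa291131d1d52ad7b3",
    "sha1": "168c94495951bc94d28a2e1f1a47866845b991ca",
    "sha256": "d029ad7d60d3fcbb3f8b59f2b0dd58f5be27a3135ca2549fffacf16391376a35",
}

# C2 addresses extracted from the nymaim configuration in the report.
C2_IPS = frozenset({"45.139.105.171", "85.31.46.167"})


def hash_bytes(data: bytes) -> dict:
    """Compute the digests the report lists so an in-memory file can be compared to them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str) -> dict:
    """Same digests for a file on disk, read in 1 MiB chunks so large samples fit in memory."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in digests.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in digests.items()}


def is_reported_sample(digests: dict) -> bool:
    """True only when every listed digest matches; a single mismatch means a different file."""
    return all(digests.get(name) == value for name, value in SAMPLE_HASHES.items())


# Constructed firewall log lines in a key=value layout (not from any real device).
SAMPLE_LOG_LINES = [
    "2022-12-22T10:15:02Z src=10.0.0.15 dst=45.139.105.171 dport=80 proto=tcp action=allow",
    "2022-12-22T10:15:04Z src=10.0.0.15 dst=142.250.74.110 dport=443 proto=tcp action=allow",
    "2022-12-22T10:15:09Z src=10.0.0.21 dst=85.31.46.16 dport=80 proto=tcp action=allow",
    "2022-12-22T10:16:30Z src=10.0.0.15 dst=85.31.46.167 dport=80 proto=tcp action=deny",
]

# Match whole dotted-quad tokens only, so 85.31.46.16 is not taken as a hit for 85.31.46.167.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def c2_hits(lines):
    """Return (c2_ip, line) for every log line that mentions one of the extracted C2 addresses."""
    hits = []
    for line in lines:
        for ip in IPV4_RE.findall(line):
            if ip in C2_IPS:
                hits.append((ip, line))
    return hits


if __name__ == "__main__":
    for ip, line in c2_hits(SAMPLE_LOG_LINES):
        print(f"C2 contact {ip}: {line}")
```

Note that a denied connection (the last constructed line) is still a hit: the host attempted to reach the C2 and should be triaged even though the egress was blocked.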

Targets

    • Target

      file.exe

    • Size

      1.8MB

    • MD5

      5a91d2b37cae68aa291131d1d52ad7b3

    • SHA1

      168c94495951bc94d28a2e1f1a47866845b991ca

    • SHA256

      d029ad7d60d3fcbb3f8b59f2b0dd58f5be27a3135ca2549fffacf16391376a35

    • SHA512

      1ded849875d72b04fbb19c426d947bf26b8aeeabe1719d50818dd5a7c561aed49d32c077a3483bde21c92f2c7107ef65967ed88ac0dfa51f7163c84bdf38aca2

    • SSDEEP

      49152:zz8fuPahMmD3IPLlir/T8s/AKkyC6YJx5YT6N3+OzWP7p3Y:zz8fyy3IPxOT85KCvdYTYzGdY

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
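
The two registry signatures above can be reproduced from a process-monitor trace. The following is an added example, not code from the sandbox or from the malware: it re-implements the "checks computer location settings" and "checks installed software" logic over ProcMon-style CSV rows. Assumptions: the column layout (Time of Day, Process Name, PID, Operation, Path, Result, Detail) matches a ProcMon CSV export, the country code is read from values under HKCU\Control Panel\International (sCountry here), and installed software is enumerated as subkeys of ...\CurrentVersion\Uninstall. The rows themselves are constructed.

```python
"""Registry-behaviour check behind the two sandbox signatures above.

Added example, not code from the sandbox or from the malware. The CSV rows are
constructed; the column layout is assumed to match a ProcMon CSV export.
"""
import csv
import io
import re
from collections import defaultdict

# Locale/country settings live under Control Panel\International; ProcMon shows the key as
# HKCU\... for the current user or HKU\<SID>\... for another user's hive.
GEO_KEY_RE = re.compile(
    r"^(?:HKCU|HKU\\[^\\]+)\\Control Panel\\International(?:\\|$)", re.IGNORECASE
)
# One subkey per installed product under ...\CurrentVersion\Uninstall. The WOW6432Node
# copy on 64-bit Windows has the same suffix, so a suffix match covers both hives.
UNINSTALL_KEY_RE = re.compile(r"\\CurrentVersion\\Uninstall(?:\\|$)", re.IGNORECASE)

# Constructed ProcMon-style rows: the sample reads the country value and walks Uninstall,
# while explorer.exe only opens the Uninstall key (a benign, common access).
CONSTRUCTED_PROCMON_CSV = r"""
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:15:02.1","file.exe","4120","RegOpenKey","HKCU\Control Panel\International","SUCCESS","Desired Access: Read"
"10:15:02.2","file.exe","4120","RegQueryValue","HKCU\Control Panel\International\sCountry","SUCCESS","Type: REG_SZ, Length: 28, Data: United States"
"10:15:03.0","file.exe","4120","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"10:15:03.1","file.exe","4120","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 0, Name: 7-Zip"
"10:15:03.2","file.exe","4120","RegEnumKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Index: 1, Name: Google Chrome"
"10:15:04.0","explorer.exe","1234","RegOpenKey","HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall","SUCCESS","Desired Access: Read"
"10:15:05.0","file.exe","4120","CreateFile","C:\Users\user\AppData\Local\Temp\abcd.exe","SUCCESS","Desired Access: Generic Write"
"""


def registry_signature_hits(csv_text: str) -> dict:
    """Map (process name, pid) to the set of signature names its registry activity triggers."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text.strip())):
        op, path = row["Operation"], row["Path"]
        if not op.startswith("Reg"):
            continue  # file, process and network events are not registry activity
        proc = (row["Process Name"], int(row["PID"]))
        # Opening or querying the locale key is enough for the geofence signature.
        if op in ("RegOpenKey", "RegQueryValue") and GEO_KEY_RE.search(path):
            hits[proc].add("checks_computer_location_settings")
        # Merely opening the Uninstall key is noisy (installers, Explorer); enumerating
        # its subkeys is what amounts to listing installed software.
        if op == "RegEnumKey" and UNINSTALL_KEY_RE.search(path):
            hits[proc].add("checks_installed_software")
    return dict(hits)


def processes_matching_both(hits: dict) -> list:
    """Processes that show both behaviours, as the sample in the report did."""
    return sorted(proc for proc, sigs in hits.items() if len(sigs) == 2)


if __name__ == "__main__":
    hits = registry_signature_hits(CONSTRUCTED_PROCMON_CSV)
    for proc, sigs in hits.items():
        print(proc, sorted(sigs))
    print("both:", processes_matching_both(hits))
```

Requiring RegEnumKey rather than RegOpenKey for the software check is a design choice to cut false positives; the sandbox's own matching rule is not published on the page, so treat this as one reasonable reconstruction rather than its exact logic.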

MITRE ATT&CK Enterprise v6

Tasks