General

  • Target: file.exe
  • Size: 1.9MB
  • Sample: 221223-jcyv4aga96
  • MD5: bb6b0c6a0a631b0964fbc610cba38648
  • SHA1: 307b378cefe3bd1480dd3af8c1f8cb560665ef13
  • SHA256: 60428724c18d374ade63bf70dce73d4d0e503ce95fc9eb3ea424ba9bd0519824
  • SHA512: 5701dbd3a293e7f1f6fd6be084205ea44d46190a70cadd235d9af404e2a89237f6ef31469e6e7b3ce11431b82775e6dfca9a4f67ca492383ff1678595276d6d7
  • SSDEEP: 49152:PH1r1flZm1PiVfFNDNAONZ1Nn2B/dkbR2Z+8vb4UjaVJT4L6u5WP7p30:P/tbnHNn2BVkN2Eeb/Oe64Gd0

Score: 10/10

Malware Config

Extracted

  • Family: nymaim
  • C2: 45.139.105.171
  • C2: 85.31.46.167

Targets

    • Target: file.exe
    • Size: 1.9MB


    • Score: 10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks