General

  • Target: file.exe
  • Size: 1.8MB
  • Sample: 221223-lrmsgsgc46
  • MD5: 08ac4e7d36b04a6d23a2c3a77fc9c95e
  • SHA1: 7ce92fad35748e8093c901adbbe12cc53f178d0c
  • SHA256: d185af730ecf3fef76661af0c982e7389fa323e79ddb5dae3c762296d54b63c8
  • SHA512: e566cbe7d189eb8a689d89399dd78a672446e168b6c5f071e4cf692d0aab08490f962076e0163cc42c33e987a23e23d682f7a83a41b3a1d2ea1a96a4774cde91
  • SSDEEP: 49152:7iV8y2ocd5RNSqO3bTA2ir4GoSDK+6V+MWP7p33:7HyC5rO3bJizoSDKvUMGd3

Score: 10/10

Malware Config

Extracted

  • Family: nymaim
  • C2: 45.139.105.171, 85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks