General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221223-m4j3ssbe51

  • MD5

    f3005838ad031ab9dfa8a964c39f022d

  • SHA1

    8d3cabd7079a1a8ad111a4602c507beaaaf47639

  • SHA256

    e7d3efe42d4317c76a66bbaf9d12e2df2aac9256f2b4e6122ed793a26bcd6ea0

  • SHA512

    5113e8f88270637527abc030990ceb0894770fa9f5d9757a76a94f6b7573ed18dab61919d7586b178fce3ec516e7a9c73e7bbcbba6ca1f8760402b826eab95e3

  • SSDEEP

    49152:bTBj4us1sfCbSZ+5ElyW6cyB7eFdwg7unvpVWP7p3N:bTBj431sZ+U76H9eFig7unRVGdN

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware written in C++ with various capabilities, first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
