General

  • Target: file.exe
  • Size: 1.8MB
  • Sample: 221223-n6wp2sbe9x
  • MD5: 17affd5abcb4c2ec13b309d0ec45bdac
  • SHA1: 176fb6ed7fc0ac9fca8977fb276a8737fa8c4d3f
  • SHA256: 0079d51ea34fd2f6435e5478459d67ed5a10a98fbc00b04990a0116f914a4ebb
  • SHA512: 8f4932fb3a067ca5eb0aea3fc891837efcd3dad41a571ce0aad6f117fc69572e0d64766248ce3012bb4b05197caae135dbe1e09f9bc648c624b5af557a1ebbc0
  • SSDEEP: 24576:AizJwGqDeQoeHUHY0BnhxlOfeBvyeEet2BROAUIsuQ+TpTpt2DyRLyNSXs09O3Wj:LQD70jxlbcCJTsLlvTMWP7p35

Score
10/10

Malware Config

Extracted

Family: nymaim

C2:

  • 45.139.105.171
  • 85.31.46.167

Targets

    • Target: file.exe

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks