General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221223-nna1mabe7z

  • MD5

    ebcb64e18403b051370ad1ba06f7afd3

  • SHA1

    0e968309bec0f06e10b689d5d71852170d5856a0

  • SHA256

    e484f99fe8cc5aab700c57ebfd7950d9c949200c29783808291c632681be484d

  • SHA512

    e85205707106e55002cfd545fb7b2f78560cd4ac62996a28acf35eb78b0beb8d4770bba332b92ccdaa6f99d14089f7e489b45f7a9124cba0cf43ff1885bc50d7

  • SSDEEP

    49152:HOqeIOPDteLBDYEU4vvmM2JO+3DUVV4nWWP7p37:HOqY7IKPiA1AVVGd7

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.8MB

    • MD5

      ebcb64e18403b051370ad1ba06f7afd3

    • SHA1

      0e968309bec0f06e10b689d5d71852170d5856a0

    • SHA256

      e484f99fe8cc5aab700c57ebfd7950d9c949200c29783808291c632681be484d

    • SHA512

      e85205707106e55002cfd545fb7b2f78560cd4ac62996a28acf35eb78b0beb8d4770bba332b92ccdaa6f99d14089f7e489b45f7a9124cba0cf43ff1885bc50d7

    • SSDEEP

      49152:HOqeIOPDteLBDYEU4vvmM2JO+3DUVV4nWWP7p37:HOqY7IKPiA1AVVGd7

    Score
    10/10
    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks