General

  • Target

    file.exe

  • Size

    2.0MB

  • Sample

    221223-pql2cabf3w

  • MD5

    0ee9ad1f45333d3bd3b6a014519c3dd5

  • SHA1

    a5e79399b150770dc9ae682cb8eb94e9dbf7625f

  • SHA256

    770ba3b74c687fcc114dcec7621a0a278a7d13145efec6e223adb37b26a82016

  • SHA512

    e6e42590de36582b6d7a7d61fabf5a049327ca4440131b9201ae6278bb982fd79ca2000866adb87a13ad368847b27d15d20c70e85866b56af69322e86105bb12

  • SSDEEP

    49152:X56rI7iqSEo2q2xyRTPcq395uR1Hw6UOm80HeCWC57WP7p3L:XmIeqSt23OTPcqt5s7Rm80+CWwGdL

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167
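The extracted configuration gives two kinds of indicator a responder can act on immediately: the file hashes for matching a quarantined or suspect binary, and the two C2 addresses for sweeping proxy or firewall logs. The script below is an added example (not part of the sandbox report) that does both; the hash and IP values are the ones listed above, while the log lines and the file bytes it checks are constructed for the demo.

```python
"""Match the report's file hashes and C2 addresses against local artifacts.

Added example, not part of the sandbox report: the indicator values are the
ones listed on the page; the log lines below are constructed for the demo.
"""
import hashlib
import re

# Indicators from the report above (nymaim sample 221223-pql2cabf3w).
IOC = {
    "md5": "0ee9ad1f45333d3bd3b6a014519c3dd5",
    "sha1": "a5e79399b150770dc9ae682cb8eb94e9dbf7625f",
    "sha256": "770ba3b74c687fcc114dcec7621a0a278a7d13145efec6e223adb37b26a82016",
    "c2": {"45.139.105.171", "85.31.46.167"},
}


def file_hashes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests of a file's bytes."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def is_reported_sample(data: bytes, ioc: dict = IOC) -> bool:
    """True if any hash of the bytes matches the reported sample.

    SHA256 alone would be enough; MD5 and SHA1 are kept because many feeds
    and older quarantine logs only carry those."""
    h = file_hashes(data)
    return any(h[k] == ioc[k] for k in ("md5", "sha1", "sha256"))


IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def find_c2_hits(log_lines, c2_ips=IOC["c2"]):
    """Return (line_number, ip, line) for every line mentioning a C2 IP.

    IPv4 literals are tokenised first, so a plain substring search does not
    let 145.139.105.171 match the indicator 45.139.105.171."""
    hits = []
    for n, line in enumerate(log_lines, start=1):
        for ip in IPV4.findall(line):
            if ip in c2_ips:
                hits.append((n, ip, line))
    return hits


# Constructed proxy/firewall log lines for the demo (not from the report).
SAMPLE_LOG = [
    "2022-12-23T14:01:02Z src=10.0.0.23 dst=45.139.105.171 dport=80 action=allow",
    "2022-12-23T14:01:05Z src=10.0.0.23 dst=203.0.113.5 dport=443 action=allow",
    "2022-12-23T14:02:11Z src=10.0.0.23 dst=145.139.105.171 dport=80 action=allow",
    "2022-12-23T14:03:40Z src=10.0.0.23 dst=85.31.46.167 dport=80 action=allow",
]

if __name__ == "__main__":
    for n, ip, _line in find_c2_hits(SAMPLE_LOG):
        print(f"C2 hit on line {n}: {ip}")
    print("bytes match reported sample:", is_reported_sample(b"not the real sample"))
```

The SSDEEP value from the report is deliberately not used here: fuzzy-hash comparison needs the `ssdeep` library and a similarity threshold, and a match on it is a lead for analysis rather than a confirmed identification the way an exact SHA256 match is.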

Targets

    • Target

      file.exe

    • Size, MD5, SHA1, SHA256, SHA512 and SSDEEP

      Identical to the General section above (the report has a single target).

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofencing check.

    • Loads dropped DLL

    • Checks installed software on the system

      Enumerates Uninstall key entries in the registry to list the software installed on the system.
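The two registry signatures above are behavioural, not indicator-based, so they are worth reproducing when triaging a different sample or writing a hunting rule. The following is an added example (not the sandbox's own rule code) that applies the same two checks to an API-call trace. The trace format (a list of dicts with "api" and "key" fields) and the events in it are constructed for the demo; the registry paths are the real ones the descriptions refer to: the country code lives under HKCU\Control Panel\International\Geo (value Nation), and installed software under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.

```python
"""Reproduce the report's two registry-based behaviour signatures over an
API-call trace.  Added example, not the sandbox's rule code; the trace format
is an assumption made for the demo and the events are constructed."""
import re

# Country/region code: HKCU\Control Panel\International\Geo  (value "Nation")
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo(\\|$)", re.IGNORECASE)
# Installed software: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
# (the same rule also covers the WOW6432Node and per-user HKCU variants)
UNINSTALL_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)

ENUM_APIS = {"RegEnumKeyExW", "RegEnumKeyExA", "NtEnumerateKey"}
READ_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegQueryValueExW",
             "RegQueryValueExA", "NtOpenKey", "NtQueryValueKey"} | ENUM_APIS

SIG_GEO = "Checks computer location settings"
SIG_SW = "Checks installed software on the system"


def registry_signatures(trace, min_uninstall_subkeys=3):
    """Return the set of signature names a trace triggers.

    SIG_GEO fires on any read of the Geo key.  SIG_SW fires when the Uninstall
    key itself is enumerated, or when several distinct per-product subkeys are
    opened; a program reading only its own uninstall entry is not flagged."""
    hits = set()
    product_subkeys = set()
    for ev in trace:
        api = ev.get("api", "")
        key = ev.get("key", "")
        if api not in READ_APIS:
            continue  # writes (RegSetValueEx etc.) are not lookups
        if GEO_KEY.search(key):
            hits.add(SIG_GEO)
        m = UNINSTALL_KEY.search(key)
        if not m:
            continue
        rest = key[m.end():]
        if rest:
            product_subkeys.add(rest.split("\\")[0].lower())  # Uninstall\<product>
        elif api in ENUM_APIS:
            hits.add(SIG_SW)  # walking the Uninstall key directly
    if len(product_subkeys) >= min_uninstall_subkeys:
        hits.add(SIG_SW)
    return hits


# Constructed traces for the demo (not taken from the report).
GEO = r"HKEY_CURRENT_USER\Control Panel\International\Geo"
UNINST = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

SAMPLE_TRACE = [
    {"api": "RegOpenKeyExW", "key": GEO},
    {"api": "RegQueryValueExW", "key": GEO, "value": "Nation"},
    {"api": "RegOpenKeyExW", "key": UNINST},
    {"api": "RegOpenKeyExW", "key": UNINST + r"\{A1B2C3D4-0000-0000-0000-000000000001}"},
    {"api": "RegQueryValueExW", "key": UNINST + r"\{A1B2C3D4-0000-0000-0000-000000000001}",
     "value": "DisplayName"},
    {"api": "RegOpenKeyExW", "key": UNINST + r"\ExampleApp A"},
    {"api": "RegOpenKeyExW", "key": UNINST + r"\ExampleApp B"},
]

# A settings tool writing the region, and an app reading its own uninstall entry.
BENIGN_TRACE = [
    {"api": "RegSetValueExW", "key": GEO, "value": "Nation"},
    {"api": "RegOpenKeyExW", "key": UNINST + r"\ExampleApp A"},
]

if __name__ == "__main__":
    print(sorted(registry_signatures(SAMPLE_TRACE)))
    print(sorted(registry_signatures(BENIGN_TRACE)))
```

One caveat when turning this into an endpoint detection: Sysmon's registry events (IDs 12, 13 and 14) record key creation and deletion, value writes and renames, not reads, so the lookups these signatures describe are visible in a sandbox API trace or via object-access auditing with a SACL on the key (Security event 4663), but not in a default Sysmon configuration.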
