General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221223-qsdnesbf7w

  • MD5

    de73103fff1123ca58129f5525534662

  • SHA1

    2cb7b69994819a7bc92a9f45a579a7ba916293d0

  • SHA256

    7f2dda438d0a93bf32583e68fce86509666e2fb3029c9d2618a686045c5a69f5

  • SHA512

    96dd8030fc98782602f4a88c0b93a730b54db3299c5a6aba8f181507093778fdf852ff4a076698e8cc82a921af1b07325d85c7a7cd753c5e5bb5df91ffbaa771

  • SSDEEP

    49152:LFMgYlkaq+qoqpla22T0AgM13ccXWP7p3C:LFMgYlnqoqWgccGGdC

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
