General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221223-sn192abg8w

  • MD5

    2045542efa6e268bb6c7009eb128e672

  • SHA1

    9f129f17e0138688bd307ad4b9470c8fdf80a0f0

  • SHA256

    292021b9838ec53b202e570f82ea0223a2f7d7edcb58f5ffbc7096192c668170

  • SHA512

    19530a4d3a73b4bc95b3c3325a81fa8880c72cc2ff5b426800033f294cdc3fa2ff4c9bdd98d20e7c41a6d51a40bfee22bda9d7fef51a183dbb506e766e3f19c0

  • SSDEEP

    49152:vRRpfCyfo+erGS1EZdlXu1NvoqYHFRI3Xq/WP7p3e:vRR8yfz4/slXu1NvJn3kGde

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

      (hashes identical to the General section above)

    Score
    10/10
    • NyMaim

      NyMaim is a C++ malware family with a range of capabilities, first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
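
The four behaviour signatures above and the two extracted C2 addresses are the actionable parts of this report. Below is an added detection example (not from the sandbox or the report) that runs those rules over constructed endpoint telemetry: file writes, process creation, image loads, registry queries and network connections. The two registry key paths are assumptions about what such checks usually touch (the report only names the behaviour categories); the C2 addresses are the ones from the extracted config.

```python
"""Map constructed endpoint telemetry onto the behaviours listed in the report."""
import re

# C2 addresses are the two IPs from the extracted nymaim config on this page.
NYMAIM_C2 = {"45.139.105.171", "85.31.46.167"}

# Registry paths are assumptions: the report names only the behaviour
# categories, these are the keys such checks commonly read.
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_KEY_RE = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)


def analyze(events):
    """Return the sorted list of (behaviour, pid) pairs triggered by the events.

    Each event is a dict with 'kind', 'pid', 'image' and 'target'. Kinds:
      file_write      target = path written
      process_create  target = child image path
      image_load      target = DLL path
      registry_query  target = key path
      network_connect target = destination IP
    """
    dropped = set()   # files written by a monitored process (lower-cased)
    hits = set()
    for e in events:
        kind, pid, target = e["kind"], e["pid"], e["target"]
        low = target.lower()
        if kind == "file_write":
            dropped.add(low)
        elif kind == "process_create" and low in dropped:
            hits.add(("Executes dropped EXE", pid))
        elif kind == "image_load" and low in dropped and low.endswith(".dll"):
            hits.add(("Loads dropped DLL", pid))
        elif kind == "registry_query" and GEO_KEY_RE.search(target):
            hits.add(("Checks computer location settings", pid))
        elif kind == "registry_query" and UNINSTALL_KEY_RE.search(target):
            hits.add(("Checks installed software on the system", pid))
        elif kind == "network_connect" and target in NYMAIM_C2:
            hits.add(("Contacts nymaim C2", pid))
    return sorted(hits)


# Constructed sample telemetry, not taken from the sandbox run.
SAMPLE_EVENTS = [
    {"kind": "registry_query", "pid": 1001, "image": r"C:\Users\u\file.exe",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"kind": "registry_query", "pid": 1001, "image": r"C:\Users\u\file.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"kind": "file_write", "pid": 1001, "image": r"C:\Users\u\file.exe",
     "target": r"C:\Users\u\AppData\Local\Temp\payload.exe"},
    {"kind": "file_write", "pid": 1001, "image": r"C:\Users\u\file.exe",
     "target": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"kind": "process_create", "pid": 1001, "image": r"C:\Users\u\file.exe",
     "target": r"C:\Users\u\AppData\Local\Temp\payload.exe"},
    {"kind": "image_load", "pid": 1002,
     "image": r"C:\Users\u\AppData\Local\Temp\payload.exe",
     "target": r"C:\Users\u\AppData\Local\Temp\helper.dll"},
    {"kind": "network_connect", "pid": 1002,
     "image": r"C:\Users\u\AppData\Local\Temp\payload.exe",
     "target": "45.139.105.171"},
    # Benign noise that must not match: a system DLL load and a DNS lookup.
    {"kind": "image_load", "pid": 1002,
     "image": r"C:\Users\u\AppData\Local\Temp\payload.exe",
     "target": r"C:\Windows\System32\ws2_32.dll"},
    {"kind": "network_connect", "pid": 800, "image": r"C:\Windows\System32\svchost.exe",
     "target": "8.8.8.8"},
]

if __name__ == "__main__":
    for behaviour, pid in analyze(SAMPLE_EVENTS):
        print(f"pid {pid}: {behaviour}")
```

The "dropped" tracking is what ties "Executes dropped EXE" and "Loads dropped DLL" to the parent: a path only counts as dropped if a monitored process wrote it earlier in the same stream, so an existing system DLL does not trigger the rule. The two registry rules fire on any process that reads those keys, which is fine for a sandbox verdict but too broad for a production detection; scope them to unsigned or recently written images before deploying.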

MITRE ATT&CK Enterprise v6