General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221223-tqs7wabh6t

  • MD5

    cfae27a439a416810fc4ad25e9d15692

  • SHA1

    534866545b758c60fa114d9def356ff94d7dd3b1

  • SHA256

    790563fd63a187d62fc89c3084cce4d01bd7e48807cbb249f5c52dd7569d9843

  • SHA512

    2656cf29d0d75a24f6d37db104f7fd8b8d6240e0ac701d0ead4939d4dd7858a4f1f9fd62b2cd230f5a5139e3a50f2e30ecf061d0e10f9cfdd81366601577d8a5

  • SSDEEP

    49152:7UopEU/Zqz+Q9uYqXwDcONjrMTdpxCmSDBoYRv9KWP7p3+:7//g4wQOJ4TdpF9YRAGd+

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.8MB

    • MD5

      cfae27a439a416810fc4ad25e9d15692

    • SHA1

      534866545b758c60fa114d9def356ff94d7dd3b1

    • SHA256

      790563fd63a187d62fc89c3084cce4d01bd7e48807cbb249f5c52dd7569d9843

    • SHA512

      2656cf29d0d75a24f6d37db104f7fd8b8d6240e0ac701d0ead4939d4dd7858a4f1f9fd62b2cd230f5a5139e3a50f2e30ecf061d0e10f9cfdd81366601577d8a5

    • SSDEEP

      49152:7UopEU/Zqz+Q9uYqXwDcONjrMTdpxCmSDBoYRv9KWP7p3+:7//g4wQOJ4TdpF9YRAGd+

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
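
The behaviours listed above and the extracted C2 addresses can be turned into a small triage check that replays a sandbox API trace and reports which of them fired. The script below is an added example, not the sandbox's own signature code and not part of this report. It assumes a constructed `pid|api|arg1|arg2` trace format (the sample trace is made up, not taken from the report), assumes the "country code" lookup means the `Control Panel\International\Geo` or `\Locale` keys, and approximates "dropped" as "written by a traced process and later executed or loaded"; only the two C2 IPs are taken from the report.

```python
"""Replay a sandbox-style API trace against the behaviours this report lists
for the nymaim sample: country-code lookup (geofence), Uninstall-key
enumeration, execution of a dropped EXE, loading of a dropped DLL, and
contact with the extracted C2 addresses.  Added example, not report code."""

from collections import defaultdict

# The only values taken from the report: the extracted nymaim C2 addresses.
NYMAIM_C2 = {"45.139.105.171", "85.31.46.167"}

# Assumption: the "country code configured in the registry" check reads one
# of these keys (Geo\Nation holds the GeoID, Locale the locale identifier).
GEO_KEYS = (
    r"hkcu\control panel\international\geo",
    r"hkcu\control panel\international\locale",
)
# Assumption: "checks installed software" enumerates these Uninstall keys.
UNINSTALL_KEYS = (
    r"hklm\software\microsoft\windows\currentversion\uninstall",
    r"hklm\software\wow6432node\microsoft\windows\currentversion\uninstall",
    r"hkcu\software\microsoft\windows\currentversion\uninstall",
)
HIVES = {"hkey_current_user": "hkcu", "hkey_local_machine": "hklm",
         "hkey_users": "hku"}

# Constructed trace (not from the report): pid|api|arg1|arg2, one event per line.
SAMPLE_TRACE = r"""
4120|RegOpenKeyExW|HKEY_CURRENT_USER\Control Panel\International\Geo|
4120|RegQueryValueExW|HKEY_CURRENT_USER\Control Panel\International\Geo|Nation
4120|RegOpenKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|
4120|RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|0
4120|RegEnumKeyExW|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|1
4120|WriteFile|C:\Users\user\AppData\Local\Temp\stage2.exe|
4120|WriteFile|C:\Users\user\AppData\Local\Temp\helper.dll|
4120|CreateProcessW|C:\Users\user\AppData\Local\Temp\stage2.exe|
5004|LoadLibraryW|C:\Users\user\AppData\Local\Temp\helper.dll|
5004|connect|45.139.105.171|443
5004|connect|93.184.216.34|80
"""


def norm_key(path: str) -> str:
    """Lower-case a registry path and shorten long hive names (HKEY_... -> hkcu/hklm)."""
    p = path.strip().lower().replace("/", "\\")
    for long_name, short in HIVES.items():
        if p.startswith(long_name):
            return short + p[len(long_name):]
    return p


def parse_trace(text: str):
    """Parse 'pid|api|arg1|arg2' lines into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split("|")
        if len(parts) != 4 or not parts[0].isdigit():
            continue
        pid, api, a1, a2 = parts
        events.append({"pid": int(pid), "api": api, "arg1": a1, "arg2": a2})
    return events


def classify(events):
    """Map events to the report's behaviour names; returns {behaviour: [evidence]}."""
    findings = defaultdict(list)
    written = set()  # paths written by any traced process (drop tracking)
    for ev in events:
        pid, api, a1, a2 = ev["pid"], ev["api"], ev["arg1"], ev["arg2"]
        if api.startswith("RegQueryValueEx") and norm_key(a1).startswith(GEO_KEYS):
            findings["checks_computer_location"].append(f"pid {pid}: read {a1}\\{a2}")
        elif api.startswith("RegEnumKeyEx") and norm_key(a1).startswith(UNINSTALL_KEYS):
            findings["checks_installed_software"].append(f"pid {pid}: enumerated {a1} index {a2}")
        elif api == "WriteFile":
            written.add(a1.lower())
        elif api.startswith("CreateProcess") and a1.lower() in written:
            findings["executes_dropped_exe"].append(f"pid {pid}: ran {a1}")
        elif api.startswith("LoadLibrary") and a1.lower() in written:
            findings["loads_dropped_dll"].append(f"pid {pid}: loaded {a1}")
        elif api == "connect" and a1 in NYMAIM_C2:
            findings["nymaim_c2_contact"].append(f"pid {pid} -> {a1}:{a2}")
    return dict(findings)


def triage(trace_text: str):
    """Convenience wrapper: parse a trace and classify it in one call."""
    return classify(parse_trace(trace_text))


if __name__ == "__main__":
    for behaviour, evidence in triage(SAMPLE_TRACE).items():
        print(behaviour)
        for line in evidence:
            print("   ", line)
```

The unrelated `connect` to 93.184.216.34 produces no finding, which is the point of keying the network rule on the extracted config rather than on "any outbound connection"; a real trace would replace `SAMPLE_TRACE`, and the key lists are the place to extend if the sample turns out to read a different locale value.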

MITRE ATT&CK Enterprise v6

Tasks