General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221223-wmfhqagh29

  • MD5

    6c46e7fe9cf2982e17b531f751fee18b

  • SHA1

    c77ae890e8a3f121f0a985d456908873cccabb08

  • SHA256

    8ea158bbb6d29a7cdc17601204b05859441d505ab9ce70ce8cc226a4e49bd082

  • SHA512

    937b798e69d39a122a3439288b7b3e1647b81105da0ddff38ef0151a33b707c2dc91deb7ff658787e84796144d4cd6c0c2cb2fc3c6305397fb58b108e05d8566

  • SSDEEP

    49152:jc7OcpLiq0KGiyRQom0ucjwdTJQbTMZ8BEMHWP7p3x:j2LoK6RLsTJqDE4Gdx

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
