General

  • Target

    56642907086bb2356742b296b74d411ad4304d4a844b5bb87cd36c57f6cc7d9f

  • Size

    1.7MB

  • Sample

    221227-3pqvssbh8s

  • MD5

    72dc1bf8c7766c3b2f05f2d007f1b4bd

  • SHA1

    0a78db328aec93caad5e5d82ddee81576d59b4f9

  • SHA256

    0436ae50ac2820e465880bc8863790e37526a6b06dc7863d15559b1b89784357

  • SHA512

    4dd55009e382a26527d68faade15d93512de061a71241ece6b6b79a7ece12cf5ec20091fbb8e4d339290e6edb0b43b2f31543b404d3f47b0349fa6e2e7337cc6

  • SSDEEP

    49152:pNPPyMyDEgP+6nO6OJOWRY0Foh2l6AMzpM:pNPp0+6nOZJNOh2Z

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      56642907086bb2356742b296b74d411ad4304d4a844b5bb87cd36c57f6cc7d9f

    • Size

      1.9MB

    • MD5

      ef0b47a8cb8a447e97b7cc71a5fe1b4f

    • SHA1

      6f26bc9bc32375f8a3b3265a0eec24ced50cd9db

    • SHA256

      56642907086bb2356742b296b74d411ad4304d4a844b5bb87cd36c57f6cc7d9f

    • SHA512

      d769941620540b2b5bd41fa727680f4c7d6f9c4d25518f19040699ff1f70fec708e6844ae6c21f9fb10edf836a1cc1b01a6c9461fa1845e993b25fa3a9f0930c

    • SSDEEP

      49152:66NtjwGmD2CP0Qna6mdOeVYuFw3OOCSgzxn:66NtDG0Qna1dN43OOE

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
