General

  • Target: file.exe
  • Size: 1.9MB
  • Sample: 221228-bac7lscb2y
  • MD5: 71660a4b485a58e51f175d3a57d72ed5
  • SHA1: 2f2a47d978f7a8a7143659c57debc5dd7d9afc78
  • SHA256: 27c9d5c7b82789ab0777f4f88b3b025c35f12184fb9cc701517422340057e59c
  • SHA512: d456d3853284d792ac1e8452e84ffff98244a06a1be265d70d2bf51449fdc63728256eb068cf53fe21a8b0240369a335c538ae8c477a10d638af681548a26877
  • SSDEEP: 49152:yiPqflugKbwJHcfOggQ9mtUoockq3Vzhgl/4cL:yiifEvwCZ5PPczzhQ9

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks