General

  • Target

    file.exe

  • Size

    2.1MB

  • Sample

    221228-cs1w3acc6v

  • MD5

    e97976ab16d825a62eae445375f8e4a3

  • SHA1

    cf7ea518a0f399c98b26e011d9f527f8745feefb

  • SHA256

    5d382385f471fa37dc57fdd9d8e3bca53d5dabcade440de86e6456141a9d3d01

  • SHA512

    77674fce2d10ecc70ddc7381d41e06e1ac3c24c3b1c1669504751491ff4538e11346c6ba75027095b13a3e784c0e6689f198d38e174f3717525dd506625b9220

  • SSDEEP

    49152:WiPqf0C9tkSgrG/cK0VakwdKUYxWiaEl/4c1:WiifxWSqzK0adKLpaMr

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
