General

  • Target

    file.exe

  • Size

    2.0MB

  • Sample

    221228-ewdbaacd8z

  • MD5

    d9a019f6473fdcdba804033c288f29b6

  • SHA1

    200c89e7147aaff681453545b7a9e52f03aa153f

  • SHA256

    07a77d549383affd232ef23538cb598489c2cdaf1349cbe42f81de37272f89d8

  • SHA512

    c92cfc709a848fdaf945fd743e87618ba10153e80ddc8c58c7d47914f68be3aedacafe4f9548b13aaa1ea9d9241db5e3a03569bdfc8cff28cc722e0dec5f0456

  • SSDEEP

    49152:aivLIL50PCpYz4H0ghYFiK+el7+Ehpr1UxLbkIjufctTUDXK0:aiv8eqpgkhhIVt5fxUZbkIjxY

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      2.0MB

    • MD5

      d9a019f6473fdcdba804033c288f29b6

    • SHA1

      200c89e7147aaff681453545b7a9e52f03aa153f

    • SHA256

      07a77d549383affd232ef23538cb598489c2cdaf1349cbe42f81de37272f89d8

    • SHA512

      c92cfc709a848fdaf945fd743e87618ba10153e80ddc8c58c7d47914f68be3aedacafe4f9548b13aaa1ea9d9241db5e3a03569bdfc8cff28cc722e0dec5f0456

    • SSDEEP

      49152:aivLIL50PCpYz4H0ghYFiK+el7+Ehpr1UxLbkIjufctTUDXK0:aiv8eqpgkhhIVt5fxUZbkIjxY

    Score
    10/10
    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks