General

  • Target

    file.exe

  • Size

    2.2MB

  • Sample

    221228-hd24gacf8z

  • MD5

    068b8792ac4e59dc45d85f306f445251

  • SHA1

    56e1dbc7f8a6c1ec77041289516ea5e81a42ed86

  • SHA256

    06d788911bea94d7883e86e998b89eafec7427f8abce0bcce497341325720301

  • SHA512

    af0c97ccaa5d2cd9b8a61956cf36dc2967fbf3448faeb8e22333c18e3a05f0a1d1a59bda48b17056abde1d12def72530a53b7ae910638da01f47f46d116b7c39

  • SSDEEP

    49152:+ivLILeey9ddFiVSpgJ0JRtpPuFwQ2aD7nLUDXKB:+iv8qeMFikcQpPPM7n3

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
