General

  • Target

    0d7ef2ca92b5a1befe83c2bd1506e8f7805a695b1a89517f40b6bdae78298af1

  • Size

    2.0MB

  • Sample

    221228-sdwa2aaf59

  • MD5

    01ccf2015a819e56f7fc3d09913aeeca

  • SHA1

    f1ca7b48e62c933b2353043606825214f4fb516d

  • SHA256

    1cb6ba9dbf56260d982d260da1957619d98eb4e89e6f1e466e864e5c4cdf340b

  • SHA512

    4875f1caacc5bcd11796e158ab312c52bd97f6c372680fb00abc45290a448d0ebefae73f8d82dc75f19936d7542b13692800304786a6d789e3790cb0d48450be

  • SSDEEP

    49152:KC8La1IBuhKS8TzdIJZK36AbH2HnENYu1XphY2Eovjl/u4d:B8La6858XEm6AbWHENtXM2EyN

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      0d7ef2ca92b5a1befe83c2bd1506e8f7805a695b1a89517f40b6bdae78298af1

    • Size

      2.1MB

    • MD5

      709bb61b45cf4e363a6b17a3edbc1ae8

    • SHA1

      88ff2351f4d02ec6133fbf1c91d478253145f4a1

    • SHA256

      0d7ef2ca92b5a1befe83c2bd1506e8f7805a695b1a89517f40b6bdae78298af1

    • SHA512

      dcb66ef949fc943ac74cb1f2e2dccc1b427248fe1cc6b3865c7ed7c8fff51cb628c8524d25abb5b2e939f8414a97e0ee3e8c303a0771fbd50c5d1aa192fe42a2

    • SSDEEP

      49152:WiPqf0ArydCXGXEW+HJzIBZKneAD9MH/mRYullRhW2EneJl/4c9:Wiif0Aryc2H+pweeADSfmRtla2EnOf

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up entries under the Uninstall registry key to enumerate the software installed on the system.
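The indicators from the Malware Config section and the two behavioural signatures above, run as a detection pass over endpoint telemetry. This is an added example, not code from the sandbox report or from Nymaim: the log lines are constructed, the key=value line format is invented for the example (Sysmon does not record registry reads, so an EDR feed that does is assumed), and the registry paths `HKCU\Control Panel\International\Geo\Nation` and `...\CurrentVersion\Uninstall\` are assumed to be the keys the two signatures refer to, since the report names neither.

```python
"""Match this report's IOCs and behavioural signatures against endpoint telemetry.

Added example; not code from the sandbox report or from Nymaim. The log
lines below are constructed, the key=value format is invented for the
example (Sysmon does not log registry reads, so an EDR feed that does is
assumed), and the two registry paths are assumed: the report names neither.
"""
import re

# File hashes and C2 addresses copied from the report.
NYMAIM_HASHES = {
    "01ccf2015a819e56f7fc3d09913aeeca",          # MD5, submitted file
    "709bb61b45cf4e363a6b17a3edbc1ae8",          # MD5, analysed target
    "f1ca7b48e62c933b2353043606825214f4fb516d",  # SHA1, submitted file
    "88ff2351f4d02ec6133fbf1c91d478253145f4a1",  # SHA1, analysed target
    "1cb6ba9dbf56260d982d260da1957619d98eb4e89e6f1e466e864e5c4cdf340b",
    "0d7ef2ca92b5a1befe83c2bd1506e8f7805a695b1a89517f40b6bdae78298af1",
}
NYMAIM_C2 = {"45.139.105.171", "85.31.46.167"}

# Assumed registry paths behind "Checks computer location settings" and
# "Checks installed software on the system".
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)

# Constructed telemetry. pid 4120 shows the whole chain from the report;
# pid 5008 is benign; pid 6100 (explorer.exe) enumerates Uninstall on its own,
# which is normal and must not fire alone. GeoID 244 is the United States.
LOG_LINES = [
    'event=process_create pid=4120 image="C:\\Users\\u\\AppData\\Local\\Temp\\build.exe" '
    'md5=709bb61b45cf4e363a6b17a3edbc1ae8 '
    'sha256=0d7ef2ca92b5a1befe83c2bd1506e8f7805a695b1a89517f40b6bdae78298af1',
    'event=registry_query pid=4120 key="HKCU\\Control Panel\\International\\Geo\\Nation" value=244',
    'event=registry_query pid=4120 key="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip"',
    'event=network_connect pid=4120 dst_ip=45.139.105.171 dst_port=80',
    'event=process_create pid=5008 image="C:\\Windows\\System32\\notepad.exe" md5=ffffffffffffffffffffffffffffffff',
    'event=network_connect pid=5008 dst_ip=93.184.216.34 dst_port=443',
    'event=registry_query pid=6100 image="C:\\Windows\\explorer.exe" '
    'key="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Git_is1"',
]

KNOWN_BAD = {"known_nymaim_hash", "nymaim_c2_connect"}
BEHAVIOURS = {"geofence_registry_lookup", "installed_software_enum"}


def parse_line(line):
    """Parse 'k=v k2="v with spaces"' into a dict, stripping the quotes."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}


def evaluate(fields):
    """Return (rule, indicator) pairs that one parsed event triggers."""
    hits = []
    event = fields.get("event")
    if event == "process_create":
        for algo in ("md5", "sha1", "sha256"):
            digest = fields.get(algo, "").lower()
            if digest in NYMAIM_HASHES:
                hits.append(("known_nymaim_hash", f"{algo}={digest}"))
    elif event == "network_connect":
        if fields.get("dst_ip") in NYMAIM_C2:
            hits.append(("nymaim_c2_connect", fields["dst_ip"]))
    elif event == "registry_query":
        key = fields.get("key", "")
        if GEO_NATION_RE.search(key):
            hits.append(("geofence_registry_lookup", f"{key}={fields.get('value', '?')}"))
        elif UNINSTALL_RE.search(key):
            hits.append(("installed_software_enum", key))
    return hits


def triage(lines):
    """Group hits by pid; only pids with at least one hit appear in the result."""
    images, summary = {}, {}
    for line in lines:
        fields = parse_line(line)
        pid = fields.get("pid", "?")
        if "image" in fields:
            images[pid] = fields["image"]
        for rule, indicator in evaluate(fields):
            entry = summary.setdefault(
                pid, {"image": images.get(pid, "?"), "rules": set(), "indicators": []})
            entry["rules"].add(rule)
            entry["indicators"].append(indicator)
    return summary


def flagged(summary):
    """A hash or C2 match escalates on its own; the two behavioural checks
    only escalate together, since installers legitimately read Uninstall."""
    return sorted(pid for pid, info in summary.items()
                  if info["rules"] & KNOWN_BAD or BEHAVIOURS <= info["rules"])


if __name__ == "__main__":
    result = triage(LOG_LINES)
    for pid in flagged(result):
        print(pid, result[pid]["image"], sorted(result[pid]["rules"]))
```

Running the script prints only pid 4120: the hash and C2 hits are conclusive on their own, while explorer.exe reading the Uninstall key stays quiet because a single behavioural signature is too common to escalate without the geofence lookup beside it. Swap `LOG_LINES` for a real feed and the two regexes for the key paths your EDR actually reports, and the same logic applies.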

MITRE ATT&CK Enterprise v6

Tasks