General

  • Target

    file.exe

  • Size

    2.0MB

  • Sample

    221228-srw5gsdg51

  • MD5

    a8b7092968e7488fe44adbe833edd5e6

  • SHA1

    e8701afa9c908a32e2f973cd139c5aa7a1bc051a

  • SHA256

    cce89e0be23267c638de98c0d465e818e4a5fbb11f15bfa3294e46db9338e1dc

  • SHA512

    518b574c7ea562ef712f88be004685e87b7d70b714e6ecffc3f06269bbf4924e5bd44d012959355eeeea15c4417c45582d3d29069ecffa94a9d03c4b911d2666

  • SSDEEP

    49152:+ivLIL2kndJg/NGjcDDoRRtNxE182P3d6/6K+e4UDXKk:+iv8vndJnKDoRR+5BK+S

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks