General

  • Target

    file.exe

  • Size

    2.2MB

  • Sample

    221228-ta3flsag56

  • MD5

    501663fd785c28e53a2bcd52b6fc2cb8

  • SHA1

    2d927d14903b7b2f08f683a78d2a4dc008eb79ed

  • SHA256

    f86e022dcd8fc13c7e22f28928fc5bd75279ab3a044652d4020d2acec8ff61d2

  • SHA512

    05839767906269686ef3f401a5e5e3a49688991edf8c6a587c9ce7da6ffde16f26570481e20d211e3f207608c4d5691aaea9fd0c585926b8f688e06768085966

  • SSDEEP

    49152:KivLILBOXdtEpT4k8UsiCUnUN4woqIgyDsiAy2UUDXKA:Kiv8tOXdsTKAC2wpINsiAyM

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks