General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221228-v9zz7seb3s

  • MD5

    23ef18cc2268d61c01641a23a0a6b886

  • SHA1

    06df1267ef3aa404eb17a46878241a9e94458732

  • SHA256

    0f1edde03a1ff689bbc432742fa4d319a406b37a25f9b79672419db2d64773ca

  • SHA512

    0059d6a8dcfdf6457fb04cb5058c4c3bab0d6ef1ff363f6f8566adc73c1e81d6103c6242183057f344ae4b3173d37f7ad737a64892af149ca920b5d984ee0a27

  • SSDEEP

    49152:gi1pw4ZmqzzUIFOmiUUovaMPeYW/dsWLqoIqaCL3NO:gi1vZmck8EJWCnaSg

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
