General

  • Target: file.exe
  • Size: 1.8MB
  • Sample: 221229-2mnrzsed33
  • MD5: c5a31e850e32e4b779a2eb6257cab613
  • SHA1: f91799e5e4ecf64f8c68cf17b99c03957403523b
  • SHA256: febde8fd7e0d1b6191442768f2d8dd2d7dd90740c70fe917f3b4f1c24ea0d46f
  • SHA512: f7e827114d49b60e6751c4337f1d09d8a03f58d8b54c5f7f1ebabee1b22d8af03c96243e1e60a2440491eb6794acf8d153f3c4e4183c329f207cb9348e7c2306
  • SSDEEP: 49152:5iRVZQ220TLIaNCJdHFGEfPn5m4+Hth960:5iRVZQENC3HFtvs4+HtHZ

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6
