General

  • Target

    4949533d2a1525ea6ae0e0f49e9865359f08f7aac04cedf526b2dbd65083ff89

  • Size

    1.8MB

  • Sample

    221229-3kxsjshg21

  • MD5

    0f3957f071eafa67014a08859a64a716

  • SHA1

    0a713db28899abd4ce7ea52ce93c261a754d8b82

  • SHA256

    5492f6f05e06cb2a3d2a91a8b445534eab568eb270aab65b7e0a4922e0f85bec

  • SHA512

    80cc45e10022f06dcfb086dd804adf1373c367f4b167ac5d51ab48c70c2a8af419652a9518bf8392d79eea9a31eb28beeb5bec367e1bbd6a48efd1bf6dd0c661

  • SSDEEP

    24576:fhHt/RTYBhoNIYQexFHQn2EfDiAr+0hLH7ykMHi5SYBshGvqkm3wyJCpa642InEV:fhN58JkFeDJjLD5ZB9ir3wnh42ztdy6l

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      4949533d2a1525ea6ae0e0f49e9865359f08f7aac04cedf526b2dbd65083ff89

    • Size

      1.9MB

    • MD5

      00b54b95704b755f28bf48e43de9d131

    • SHA1

      42ca5a5a3c351eafd30910b68c4d8b94d614e87d

    • SHA256

      4949533d2a1525ea6ae0e0f49e9865359f08f7aac04cedf526b2dbd65083ff89

    • SHA512

      0e4a2dd4d0ebf6f6ec04be5b10e6727a7ae79ef093dc6a7f6c8146aa26794a1cef447d85e5c28de64074cfa90914542b01693fb4820e132cb171d072914cb699

    • SSDEEP

      24576:bpniPPQBZu5m0QMvFVQNq+fRmARw0hLn7ukMZi5SWBUhGDYum3KQJOP9s4+In2tQ:FiPY5oFYRPpLh55BFEF3Kk4+Hth96N

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks