General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221229-qvnleadb47

  • MD5

    c2e48c937c75f46743f1a18cf0a4d383

  • SHA1

    c11cc43899c76609b3884f5092ae543fdc638529

  • SHA256

    caca0caf3840a208ac6d6beeb05d04092f219541fd1db82a35a3d458e37865d5

  • SHA512

    d231afbbf3e6209854c2278d7e82d355880f2f03b84204064503355ed66df45e7281abc0f53cb48413ffce213b4f876f4f7e766b98b15a468fda31d054b36d63

  • SSDEEP

    49152:tiAdNonRkMh+3MvZrav2Xk9tDevPzssShfN4+Hth96J:tiAnoRDh+sXOQvPRsV4+HtHM

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.8MB

    • MD5

      c2e48c937c75f46743f1a18cf0a4d383

    • SHA1

      c11cc43899c76609b3884f5092ae543fdc638529

    • SHA256

      caca0caf3840a208ac6d6beeb05d04092f219541fd1db82a35a3d458e37865d5

    • SHA512

      d231afbbf3e6209854c2278d7e82d355880f2f03b84204064503355ed66df45e7281abc0f53cb48413ffce213b4f876f4f7e766b98b15a468fda31d054b36d63

    • SSDEEP

      49152:tiAdNonRkMh+3MvZrav2Xk9tDevPzssShfN4+Hth96J:tiAnoRDh+sXOQvPRsV4+HtHM

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks