General

  • Target

    file.exe

  • Size

    1.9MB

  • Sample

    221229-r8qhladc46

  • MD5

    b1ff3fa462915f1b16e9f39da0b284a5

  • SHA1

    4c5fcb3ea18b8ccbeb3a52cab92cf3733c374dcf

  • SHA256

    e173a5cad670484873584a1a1f664c6f356d0f089d554d2e8398033be45531c2

  • SHA512

    2016c8fb6585bee66e3b1824bf0a246c067083e21b8c362f6c372308ad8bf0083258f8f079d642b0784e984e63807b8d63e44e05a0dc48ed4af9bfbf64a9fb07

  • SSDEEP

    49152:FiWE/7DLJwBcsW2zzBefC/s8MtY15X8+P4+Hth96Q:FiWE3t88w1ECLMO5XPP4+HtH1

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe (1.9MB, score 10/10; hashes identical to those listed under General above)
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Opens entries under the registry Uninstall key (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate the software installed on the system.
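Added example, not part of this Triage report and not NyMaim's or Triage's code: a Python triage helper that checks endpoint telemetry for the indicators and behaviours listed above, i.e. connections to the two extracted C2 addresses from Malware Config, execution of a dropped EXE, loading of a dropped DLL, and enumeration of the Uninstall key, attributing each only to the sample (identified by its SHA256 from the report) and its child processes. Assumptions: the JSON-lines event shape and its field names are invented for this example, the telemetry lines are constructed, and matching the WOW6432Node and HKCU views of the Uninstall key is this example's own extension of the report's statement, which names only the Uninstall key.

```python
import json
import re

# IOCs copied from the report above (sample hash and extracted NyMaim C2s).
SAMPLE_SHA256 = "e173a5cad670484873584a1a1f664c6f356d0f089d554d2e8398033be45531c2"
C2_IPS = {"45.139.105.171", "85.31.46.167"}

# The report says the sample reads Uninstall key entries. The 64-bit HKLM view
# is the canonical location; matching the WOW6432Node and HKCU views as well is
# an assumption of this example (32-bit and per-user installers register there).
UNINSTALL_KEY_RE = re.compile(
    r"^(HKLM|HKEY_LOCAL_MACHINE|HKCU|HKEY_CURRENT_USER)\\"
    r"SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)",
    re.IGNORECASE,
)

# Constructed endpoint telemetry in a generic JSON-lines shape. The field names
# are this example's own, not any EDR or Sysmon schema. Process 900 is an
# unrelated process included to show that matching is scoped to the sample's
# process tree.
SAMPLE_EVENTS = r"""
{"type":"process","pid":4120,"ppid":3000,"image":"C:\\Users\\u\\Desktop\\file.exe","sha256":"e173a5cad670484873584a1a1f664c6f356d0f089d554d2e8398033be45531c2"}
{"type":"registry","pid":4120,"op":"open","key":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Notepad++"}
{"type":"registry","pid":4120,"op":"open","key":"HKLM\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall"}
{"type":"registry","pid":4120,"op":"open","key":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"}
{"type":"file","pid":4120,"op":"write","path":"C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe"}
{"type":"file","pid":4120,"op":"write","path":"C:\\Users\\u\\AppData\\Local\\Temp\\helper.dll"}
{"type":"process","pid":4388,"ppid":4120,"image":"C:\\Users\\u\\AppData\\Local\\Temp\\svc.exe","sha256":"0000000000000000000000000000000000000000000000000000000000000000"}
{"type":"image_load","pid":4388,"path":"C:\\Users\\u\\AppData\\Local\\Temp\\helper.dll"}
{"type":"network","pid":4388,"dst_ip":"45.139.105.171","dst_port":80}
{"type":"network","pid":4120,"dst_ip":"85.31.46.167","dst_port":443}
{"type":"network","pid":900,"dst_ip":"8.8.8.8","dst_port":53}
{"type":"registry","pid":900,"op":"open","key":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Git_is1"}
"""


def load_events(text):
    """Parse JSON-lines telemetry; blank lines are ignored."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def triage(events, sample_sha256=SAMPLE_SHA256, c2_ips=C2_IPS):
    """Walk time-ordered events and report which of the behaviours listed in
    the report appear, attributed only to the sample and its descendants."""
    tree = set()       # pids belonging to the sample's process tree
    dropped = set()    # lower-cased paths written by processes in the tree
    findings = {"c2_connections": [], "uninstall_enum": [],
                "dropped_exec": [], "dropped_dll": []}

    for ev in events:
        kind, pid = ev["type"], ev["pid"]
        if kind == "process":
            # The sample itself is identified by hash; children by parent pid.
            if ev.get("sha256", "").lower() == sample_sha256 or ev.get("ppid") in tree:
                tree.add(pid)
                if ev["image"].lower() in dropped:
                    findings["dropped_exec"].append((pid, ev["image"]))
            continue
        if pid not in tree:
            continue   # activity of unrelated processes is not attributed
        if kind == "file" and ev.get("op") == "write":
            dropped.add(ev["path"].lower())
        elif kind == "image_load" and ev["path"].lower() in dropped:
            findings["dropped_dll"].append((pid, ev["path"]))
        elif kind == "registry" and UNINSTALL_KEY_RE.match(ev["key"]):
            findings["uninstall_enum"].append((pid, ev["key"]))
        elif kind == "network" and ev["dst_ip"] in c2_ips:
            findings["c2_connections"].append((pid, ev["dst_ip"], ev["dst_port"]))
    return findings


if __name__ == "__main__":
    for name, hits in triage(load_events(SAMPLE_EVENTS)).items():
        print(f"{name}: {hits}")
```

Run it directly to print the findings. On real telemetry the events must be in time order, because a dropped file is only recognised after the write that created it has been seen, and scoping to the sample's process tree is what keeps legitimate installers or inventory agents that read the same Uninstall key (process 900 in the constructed data) from being flagged.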

MITRE ATT&CK Enterprise v6

Tasks