General

  • Target

    caca0caf3840a208ac6d6beeb05d04092f219541fd1db82a35a3d458e37865d5.zip

  • Size

    1.7MB

  • Sample

    221229-s3cvzsgf3v

  • MD5

    472149b30c771a4afaa76185dcb601a1

  • SHA1

    1b6ca0c33ecf7d7bdcc7e9f5aa0450711388375e

  • SHA256

    40ea98e697ae8d7a2ca68fc3f2b6746787ec1d7155738804dd32efac6f531e50

  • SHA512

    7a427ec97c7a938d93d7a57986f129a0ff558b9b9caacd90aa78e3ff388a147c229532aab5de82b65affc3c4f6730108abdba0db34bbd3b3b387c52ca580eef4

  • SSDEEP

    49152:sgBini6V2sdF+p6X/Y2/huPD1hVpSxs/CLjAlO:sgcnic2x6XwIuP+YSjAw

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      caca0caf3840a208ac6d6beeb05d04092f219541fd1db82a35a3d458e37865d5.exe

    • Size

      1.8MB

    • MD5

      c2e48c937c75f46743f1a18cf0a4d383

    • SHA1

      c11cc43899c76609b3884f5092ae543fdc638529

    • SHA256

      caca0caf3840a208ac6d6beeb05d04092f219541fd1db82a35a3d458e37865d5

    • SHA512

      d231afbbf3e6209854c2278d7e82d355880f2f03b84204064503355ed66df45e7281abc0f53cb48413ffce213b4f876f4f7e766b98b15a468fda31d054b36d63

    • SSDEEP

      49152:tiAdNonRkMh+3MvZrav2Xk9tDevPzssShfN4+Hth96J:tiAnoRDh+sXOQvPRsV4+HtHM

    Score
    10/10

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks