General

  • Target

    845f73c831ef97cabdeb47fda745d8cbb34b1f176b788bf828edbbd5188eb3fa

  • Size

    1.9MB

  • Sample

    221229-s5z4asgf4v

  • MD5

    7d5cb69dcec08ff015242e83c1a69fe1

  • SHA1

    a4717de209de3bb9d20c55f5ae78dfebd1335d0c

  • SHA256

    a4a26b448365741b6c1ed71059463efc15df2a57e58f337d4b218425865e3a81

  • SHA512

    5db90ac5835c50ef900d83e93a9c24bf63a5532be3169476bf47e9423be5f2c940ca6c2c5956b97c693267582ddc7c0e00d1d69d1b7f3dd664fc52d81f4684a9

  • SSDEEP

    49152:05cyfS9qm1suYRi07i7vr4Yj5WUc4O/tvo6B:iBS9qL207kvr5nc4O/tgo

  • Score

    10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      845f73c831ef97cabdeb47fda745d8cbb34b1f176b788bf828edbbd5188eb3fa

    • Size

      2.0MB

    • MD5

      2f39f3ad288db98f0ab4818ca8a4ae6b

    • SHA1

      22a77cb763ba40cfc90c8172a831e69e5559ea9a

    • SHA256

      845f73c831ef97cabdeb47fda745d8cbb34b1f176b788bf828edbbd5188eb3fa

    • SHA512

      07dd20871985c9ac6be4a49a2ea3c4704756aae9a37e5c738c0aa58e3c2a4e132347714370acee09df1ca2279f58c793c7362b10152b4dbf47b9f4ea18f3dfd2

    • SSDEEP

      49152:Bij3efO9kmx2uAhQcteDTr4m7leS+UV4+Hth961:BiuO9kdyctkTrzT+W4+HtHc

    • Score

      10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks