General

  • Target

    df90527e770874eb88784b046264948406a41b96c28de9aa89dba47fc025d4f6

  • Size

    1.7MB

  • Sample

    221229-sr3l9sdc88

  • MD5

    dc531cab6d0bee114b990cd41bd56127

  • SHA1

    6b9f9b18e69a65c9f4692be9bfff6b6dec69df44

  • SHA256

    a492e786aa25249d5b6454f608d77020872dfa791d7d98ef75dc3b90af8b7a30

  • SHA512

    c5f34d91e98b5d55af68b36a8ad05339cf754c69a97aaa730b335b0d29eecc5d6917382e9b900033c0620b0ee32eb1798b025bc6340b8503db0f53f028032af5

  • SSDEEP

    49152:4k9Agnat9bl6YOBHDPhsyMyJcAbsLO7B/f:TB+TZORrMyJc4J9

Score
10/10

Malware Config

Extracted

  • Family

    nymaim

  • C2

    45.139.105.171
    85.31.46.167

Targets

    • Target

      df90527e770874eb88784b046264948406a41b96c28de9aa89dba47fc025d4f6

    • Size

      1.7MB

    • MD5

      da54350451de7c65c44a1ff9de7693c4

    • SHA1

      5f7774708a83775248a2e4adba3a494ab71424f3

    • SHA256

      df90527e770874eb88784b046264948406a41b96c28de9aa89dba47fc025d4f6

    • SHA512

      47c5825ca1285a31b3b8c84a038fd965cdd7f20c7c5851c9891922b1633d36e37158efa843babc8ee6e1cf9142e426f173b4543cc820122bd909c15a1b487cfb

    • SSDEEP

      49152:0iVrKktEn93z6KOHvDjnais+/kKRmLOx3ENL:0i5PGBFOLZs+/kktY

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6