General

  • Target: 046493cb499714e4e004ff838c60a53929fb372b321bd2bf30b7412468f76712

  • Size: 2.0MB

  • Sample: 221230-aa691shg6t

  • MD5: 534059fd0cf838c4cf43800f907d74c1

  • SHA1: 7fa107d911891ef93c061c1f485fa7fa3fa126e2

  • SHA256: 030c372bc5e566e3860fa3280fdb738aefd772253c5e7e14a0645fd30377a294

  • SHA512: 1e62b05e503d3aa9df7715b0b7befe413ac73adaa07be65405452f28d16176508d0e7e40904ebc43dbad4900d91c7661bf121483236dd9373196beea1574cce1

  • SSDEEP: 49152:ur7FXpCfESqMJtpHy0HWFwyjK1TTOUmBQVom+sYFXEwzoNQUDnIU:mpCcSqa/S0HWOyjsTTOUTVozFXEUQp

Score: 10/10

Malware Config

Extracted

  • Family: nymaim

  • C2: 45.139.105.171, 85.31.46.167

Targets

    • Target: 046493cb499714e4e004ff838c60a53929fb372b321bd2bf30b7412468f76712

    • Size: 2.0MB

    • MD5: 89e5c5f48c4386f3f0f312ceb7a5e412

    • SHA1: 3ec047f20beeda18bed42b01948b5c39201e3107

    • SHA256: 046493cb499714e4e004ff838c60a53929fb372b321bd2bf30b7412468f76712

    • SHA512: ddf01c15a43c578429b7e906aab50d350275b3fc6a4ca955ce8d2e2e043a2750e758360ba87ba3e93a10639879db90e70e36b58643ad04766512c16374dc0639

    • SSDEEP: 49152:qivLILNxfXb0/ESua5tdXEKlmFo6Fi1VjqqqLQNoq+uEFt6wPoOUDXKe:qiv8bb08Sue30Klmq6FEVjqqDNodFt6l

    Score: 10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6