General

  • Target

    34cc033d41592e325abeda0e1c1cedaab65bc973f20a44c8cefef136da7313b9

  • Size

    1.7MB

  • Sample

    221230-atcvhshg9v

  • MD5

    429f64ed2eac1df98692ec3c28ccc0fc

  • SHA1

    43958481309c9386de20843a4747c4f5b8d18a0d

  • SHA256

    2036b9c8268877f66b86525e1bb1739ce29e08398c5d5741d41ceb690f1c17a3

  • SHA512

    d3269264d51de8bf717ff0b704562c37b7831e13a8e9d21b7ef3486738dd02bcd34932245ac33db1c871679e50e5a592504cc929c5b262cb194dacb8e7780465

  • SSDEEP

    49152:Yb/DqXWh/6dR1C6VtUl4JCMOwGvI317kesZAA+nt766U:9XWsRauJVOwGqSeWAA+nt+V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      34cc033d41592e325abeda0e1c1cedaab65bc973f20a44c8cefef136da7313b9

    • Size

      1.8MB

    • MD5

      43a2f787fe07a55801397d0c39a7d6b6

    • SHA1

      5f9f34d67f7432c8fb0fad7710c8f2a180347cfe

    • SHA256

      34cc033d41592e325abeda0e1c1cedaab65bc973f20a44c8cefef136da7313b9

    • SHA512

      ce22499852e9b0e54b3930b1b42dfd8c146229a30f3de4989f7df10bf62b8182a8f4c485fa291c9b66c82d8ba6368c1e59a0531aa11edc2877230de2456beacf

    • SSDEEP

      49152:FiO1v+1WRj6jRVu0VtUJ4NCq4wCvE3Xhkut4+Hth96K:Fiz1WsXaCNz4wCEyut4+HtHP

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6