General

  • Target

    febde8fd7e0d1b6191442768f2d8dd2d7dd90740c70fe917f3b4f1c24ea0d46f

  • Size

    1.7MB

  • Sample

    221230-ccwmeaaa4x

  • MD5

    bd8a640a243cf73ec49dfb255ce9979f

  • SHA1

    29dd765c25b7b941f127c97325602a94a97e4128

  • SHA256

    a364cf0df287a2caa4c570ad715aad7bf3cc434ca188673ee97d36f14ef995cd

  • SHA512

    c765e2da575410e1b73f4a798322ca998a89352949381f9912019aeb22808157f191b7e4ad962da28da6601e800ca247d456d9086e08382b116b932bef23a53e

  • SSDEEP

    24576:WbsqmSSWn+iJ0OkLgTSUSNe0GpcBad61+0EnG+fqqOtaxlPbbrIqD0O4+Mn2t1VM:jDW+809LswN8JdrnGerDbrBL4+Tt1e6W

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      febde8fd7e0d1b6191442768f2d8dd2d7dd90740c70fe917f3b4f1c24ea0d46f

    • Size

      1.8MB

    • MD5

      c5a31e850e32e4b779a2eb6257cab613

    • SHA1

      f91799e5e4ecf64f8c68cf17b99c03957403523b

    • SHA256

      febde8fd7e0d1b6191442768f2d8dd2d7dd90740c70fe917f3b4f1c24ea0d46f

    • SHA512

      f7e827114d49b60e6751c4337f1d09d8a03f58d8b54c5f7f1ebabee1b22d8af03c96243e1e60a2440491eb6794acf8d153f3c4e4183c329f207cb9348e7c2306

    • SSDEEP

      49152:5iRVZQ220TLIaNCJdHFGEfPn5m4+Hth960:5iRVZQENC3HFtvs4+HtHZ

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
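
The two registry-based signatures above ("Checks computer location settings" and "Checks installed software on the system") translate directly into a host-side detection. The following is an added example, not part of the report or of the sandbox's own signature code. It assumes (my assumption, not stated on the page) that the location check reads the Nation value under HKCU\Control Panel\International\Geo and that the software check enumerates subkeys under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. The input trace is constructed in a made-up "pid|operation|key" layout; the names parse_events and classify are mine.

```python
"""Classify registry accesses the way the two sandbox signatures describe
them. Added example; the key paths and the event layout are assumptions,
not values taken from the report above."""
import re
from collections import defaultdict

# Registry keys each behaviour touches (assumed locations, see lead-in).
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo(\\|$)", re.IGNORECASE)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE)

# Constructed sample trace in a "pid|operation|key" layout; not real
# sandbox or Sysmon output.
SAMPLE_EVENTS = """\
1234|QueryValue|HKCU\\Control Panel\\International\\Geo\\Nation
1234|EnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
1234|EnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip
1234|EnumKey|HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\Google Chrome
5678|QueryValue|HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Shell Folders
"""


def parse_events(text):
    """Turn the constructed trace into (pid, operation, key) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, op, key = line.split("|", 2)
        events.append((int(pid), op, key))
    return events


def classify(events, min_uninstall_subkeys=2):
    """Return {pid: set(signature names)} for the two behaviours.

    The installed-software signature only fires once a process has touched
    at least `min_uninstall_subkeys` distinct subkeys under Uninstall, so a
    legitimate installer looking up its own product key does not trigger it.
    Any access under the Geo key is enough for the location signature.
    """
    geo_hits = set()
    uninstall_subkeys = defaultdict(set)
    for pid, _op, key in events:
        if GEO_KEY.search(key):
            geo_hits.add(pid)
        m = UNINSTALL_KEY.search(key)
        if m:
            # Everything after "...\Uninstall\" is the enumerated product key.
            sub = key[m.end():].strip("\\")
            if sub:
                uninstall_subkeys[pid].add(sub)

    result = defaultdict(set)
    for pid in geo_hits:
        result[pid].add("checks_computer_location_settings")
    for pid, subs in uninstall_subkeys.items():
        if len(subs) >= min_uninstall_subkeys:
            result[pid].add("checks_installed_software")
    return dict(result)


if __name__ == "__main__":
    for pid, sigs in sorted(classify(parse_events(SAMPLE_EVENTS)).items()):
        print(pid, sorted(sigs))
```

Run against the constructed trace, only pid 1234 is flagged, for both behaviours; pid 5678 reads an unrelated Explorer key and stays clean. Raising min_uninstall_subkeys to 3 drops the installed-software signature for pid 1234, which is the knob to tune against benign software-inventory tools that walk the same key.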

MITRE ATT&CK Enterprise v6

Tasks