General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230109-21nddagb45

  • MD5

    8e7df42038ce5d8e1d7ca007d612f887

  • SHA1

    7a2871bc5c1dee5be2f326645cd7d2d1511c29e7

  • SHA256

    83737994d5fbc7be4ce9367251f5fe664aa98e41e5f050e5a90ac48bdd41c271

  • SHA512

    e210ba1febf7191e909352d6500d1e5f50261d34eca1fcfc55a61db5c66b37d3c486cb68502a22a9a515a9dbc617060efaf07c626483be37f2e88d41a1f592f3

  • SSDEEP

    24576:R20ajDt5NHE+fOR7RFq3AWqZSYv5SHOa2Tk5EM5USkl5l/Hlc:R2PdHJK76AWqJ5yOTgSl50

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.1MB

    • MD5

      8e7df42038ce5d8e1d7ca007d612f887

    • SHA1

      7a2871bc5c1dee5be2f326645cd7d2d1511c29e7

    • SHA256

      83737994d5fbc7be4ce9367251f5fe664aa98e41e5f050e5a90ac48bdd41c271

    • SHA512

      e210ba1febf7191e909352d6500d1e5f50261d34eca1fcfc55a61db5c66b37d3c486cb68502a22a9a515a9dbc617060efaf07c626483be37f2e88d41a1f592f3

    • SSDEEP

      24576:R20ajDt5NHE+fOR7RFq3AWqZSYv5SHOa2Tk5EM5USkl5l/Hlc:R2PdHJK76AWqJ5yOTgSl50

    Score
    10/10
    • NyMaim

NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6