General

  • Target: file
  • Size: 1.1MB
  • Sample: 230109-wmk37sfb25
  • MD5: 3a3fe9c5086b5298523bc26fc6584cb9
  • SHA1: 582f6d4c13061d5b9cd79a7855c2957a1c1169fa
  • SHA256: 55ba471643a28233f5a9a63b642ea792f118c4294b5e68a813ce6ba141e15602
  • SHA512: cbabdcbd00d133740fb33f0be2b673465f31ca6f8f5732538afddc8c9e4b672e175de1b693292542d66195dc4b024d3701cc093007d698f1d6f0f40c9bc1cf71
  • SSDEEP: 24576:R20V7NUZiZLPL/SNsVRtkP/8idV6hWHY8o0pYw8mrGen9Skl5l/Hlc:R2SZLPL/VRt+/BdV1Y8omzHZl50

Score: 10/10

Malware Config

Extracted

  • Family: nymaim
  • C2: 45.139.105.171, 85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
