General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230109-x8x6bsfd72

  • MD5

    f15aac783c5e7b00ef7cddc221c3b442

  • SHA1

    994f33f28dd7eef93c1f69d1d97c6e6fb0a68e15

  • SHA256

    ae6a7b42fa9007d59c1c094b7b173882b79cffb8c8b47f26b93d594604eaf9f4

  • SHA512

    6de5aca0a528e161f81795ee72a259aae6359cd1464d3556d7c385c9a2117ad47ebcb862b42a16d65b642c75647710b5b42bf90cbf0097053333209a1fca8834

  • SSDEEP

    24576:R20ygDXQ66WxUq8QR7TpmCQesGJosKxCQD5Skl5l/Hlc:R2kQ66lQR7V6TGJp2C+tl50

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
