General

  • Target

    file.exe

  • Size

    1.2MB

  • Sample

    230109-y29ffsff28

  • MD5

    e260131d2f6bc7ac7d8909a130c23b14

  • SHA1

    c5a8c005029f6a24c3207c40f33f8567d93a403c

  • SHA256

    87689ab18fac220a638cbc49c8d2f19c09d7592d4f0c6e6ecfc2d0959da2ece0

  • SHA512

    f7170b3508fa95d7e0c8eeee2de2e8d4de388bdf1ceda0da2dad442c367c8b0c7b0e4f3f0fba69271b44618bf90705e53cdf7e210014da1d41986808ad282d07

  • SSDEEP

    24576:R2078XKlYg/JR/kNrmOS5uZVSFxpzrd9j6vs6DMplcMlxCKYURw6Skl5l/Hlc:R2JKWg/J+Nrmd58Mx9b6vdMP16aJl50

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks