General

  • Target

    file.exe

  • Size

    1.2MB

  • Sample

    230109-z4z58sfh27

  • MD5

    23515ae01856c0f21454e9fc4038b045

  • SHA1

    9127e2bd00c2b6cf31e2cf393a2bfce06bc21652

  • SHA256

    d82f587ba9a04d7f867084296cb76c8ce7da13317fa6abdc8d0e246e88e88adf

  • SHA512

    7f6f5c1eb9ca32443ea19d12ad1e25b8a38e536e2e5e14668540489425ac908c84176feeb57ccc99ac9b746db47554370d5d918fd81c3b0d3c864758624e34d6

  • SSDEEP

    24576:R20/ZdlLtgkM5y5Aa5FANCsGXH6B4wxLPl9b0XRDKxOSkl5l/Hlc:R2SPt3y8AaBaKwhPrb9al50

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
