General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230110-1c2enade4z

  • MD5

    6fd88842e28132bc8e976839215af2bc

  • SHA1

    546d68aeb1ac4efbfffc17adf1f3e67824282e3f

  • SHA256

    86904269d5de2be23a181ac5f6237c05d94a15428c3bbee861fa04f2d2c63d51

  • SHA512

    de1a665108f09edb023f53510245240193b0ab7103f5974992bdb8cda1c899efdd8ac0a3770c2f34e96da1e6ce991406708fc716e14e75e04727fab3bdcc6e78

  • SSDEEP

    24576:R20BURYSTxczVlFOFhntv7WdnxfwYlBxgIQfyVO5wmmtXkqXSkl5l/Hld:R2uOxcxlF2ntv7WdOGxmt500Ql5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks