Resubmissions

  • 11-01-2023 00:20  230111-am1b8sdh2v  10
  • 10-01-2023 22:32  230110-2fxrbadf7s  10

General

  • Target: file.exe
  • Size: 1.1MB
  • Sample: 230110-2fxrbadf7s
  • MD5: f5ea9ff55f1988b0cc2edd498ade953c
  • SHA1: 8f0e22755530cd00f4856429087f71d7a67dc8a0
  • SHA256: 2e8844dba3b1c737145e275d47bb691537bc14604fffba4f85bae78ebd814dd0
  • SHA512: ba9a551322e7df79badeab9f822214fe529768881b506d0dbb248bab214bb791d5c0de3aaa56b1cd03c356785230890499ad7b7b7e1eafc7d7e050aac3dae599
  • SSDEEP: 24576:R20W+Z2ZPdMPCej/5rbH1oSFCcnvSiO4RSkl5l/Hld:R26Z2dw7rb+mCGvVO41l5V

Score: 10/10

Malware Config

Extracted

  • Family: nymaim
  • C2: 45.139.105.171, 85.31.46.167

Targets

  • Target: file.exe (1.1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values listed under General)
  • Score: 10/10
  • NyMaim
    NyMaim is malware with various capabilities, written in C++ and first seen in 2013.
  • Executes dropped EXE
  • Checks computer location settings
    Looks up the country code configured in the registry, likely for geofencing.
  • Loads dropped DLL
  • Checks installed software on the system
    Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6