General

  • Target

    file.exe

  • Size

    1.2MB

  • Sample

    230110-3hpzxsdg4y

  • MD5

    ad260f80f7940fb7077f7a9fed8d5501

  • SHA1

    fb2d0f98637e3158a6c464401fe1ea5e2b04c216

  • SHA256

    e0cbabf4ce9def89ad8fb602c0fcdb9434c4eb258908f1c08201e6c5736dbb0a

  • SHA512

    2246fdd87b7b55e4accb155ba7d34495c202aa0492f9bf98a9e60c383656c04ca452a13da80580ac9432eea291b5774a25b9e33c1f3f6b8fcef7139d016e26d2

  • SSDEEP

    24576:R20JA5kSKO2SR8DPcEtXfmgtiPQQLotJ84iq3qkHN6eM7ekczhlzVsu0Skl5l/H/:R2DaeGkfgtiP0r84iqvQV7sLziuyl5V

  • Score

    10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.2MB

    • MD5

      ad260f80f7940fb7077f7a9fed8d5501

    • SHA1

      fb2d0f98637e3158a6c464401fe1ea5e2b04c216

    • SHA256

      e0cbabf4ce9def89ad8fb602c0fcdb9434c4eb258908f1c08201e6c5736dbb0a

    • SHA512

      2246fdd87b7b55e4accb155ba7d34495c202aa0492f9bf98a9e60c383656c04ca452a13da80580ac9432eea291b5774a25b9e33c1f3f6b8fcef7139d016e26d2

    • SSDEEP

      24576:R20JA5kSKO2SR8DPcEtXfmgtiPQQLotJ84iq3qkHN6eM7ekczhlzVsu0Skl5l/H/:R2DaeGkfgtiP0r84iqvQV7sLziuyl5V

    • Score

      10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks