General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230110-a47smsbg7z

  • MD5

    35f01cee64d87eedbe7e89d7c5467fd9

  • SHA1

    adf48a60c092a13743e0b77b9e5f31a36845e1a6

  • SHA256

    9f80a6c3e3420673a889c03bdf7ca90df6c30408b1d62ae48e89e38da22f23b0

  • SHA512

    577712bda79618ed42bbb9543117c398bd5600ed3bb4c6f9ccfba84315b9e63a18e7ff0263b42ab74a2b29a00659e6b01711b017bb2c8ae124c107de6f780045

  • SSDEEP

    24576:R20fA43f+1y8+vLi/6/5uDCZ/YpL44cIFSkl5l/Hlc:R2v434h+ziS/cDCZ444cIRl50

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks