General

  • Target

    file.exe

  • Size

    1.2MB

  • Sample

    230110-av65rabg6z

  • MD5

    fcb3b9cf805493e27b1d5b10aafd2050

  • SHA1

    958c53478432ae28886bb4f31fe5efcd2da7e8b4

  • SHA256

    5b1d1c0caf9b22492c428c6efeee993610eeaad38a553f36a70020d730573ec4

  • SHA512

    b5563d2b55c2dfb12dcdc61ba2953716f2bccb7ea0c38c4d064e760ae3a1fd77aa4c167f5b7f877660bb11891477a7516b60ec4efd7a2f46f34c64adf44628f9

  • SSDEEP

    24576:R20DyxmfXQ/OajkJeRp+Qrix2cVHxgw+3EK+Q0WIzTOqDtSkl5l/Hlc:R2gfQOajMeHr+kEbQ0Sul50

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.2MB

    • MD5

      fcb3b9cf805493e27b1d5b10aafd2050

    • SHA1

      958c53478432ae28886bb4f31fe5efcd2da7e8b4

    • SHA256

      5b1d1c0caf9b22492c428c6efeee993610eeaad38a553f36a70020d730573ec4

    • SHA512

      b5563d2b55c2dfb12dcdc61ba2953716f2bccb7ea0c38c4d064e760ae3a1fd77aa4c167f5b7f877660bb11891477a7516b60ec4efd7a2f46f34c64adf44628f9

    • SSDEEP

      24576:R20DyxmfXQ/OajkJeRp+Qrix2cVHxgw+3EK+Q0WIzTOqDtSkl5l/Hlc:R2gfQOajMeHr+kEbQ0Sul50

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Loads dropped DLL

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to list the software installed on the system.
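    The two registry behaviours above, together with the extracted C2 addresses, are the kind of signals a triage script re-checks against a process trace. The block below is an added example, not code from the report or the sandbox; the trace format is a constructed `<op> <target>` listing, and the registry paths used for the locale and Uninstall lookups are assumptions about where those checks usually land, not paths taken from this report.

```python
"""Tag a registry/network trace with the behaviours a NyMaim report lists.

Added example (not sandbox or report code). Registry paths and the trace
format are assumptions made for illustration.
"""
import re
from collections import Counter
from typing import Optional

# Constructed trace (not real sandbox output): one "<op> <target>" per line.
SAMPLE_TRACE = """\
reg_query HKEY_CURRENT_USER\\Control Panel\\International\\Geo\\Nation
reg_query HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Nls\\Language\\InstallLanguage
reg_enum  HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
reg_query HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{0001-abcd}\\DisplayName
reg_query HKEY_LOCAL_MACHINE\\SOFTWARE\\WOW6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\\DisplayName
reg_query HKEY_CURRENT_USER\\Software\\Classes\\.exe\\shell\\open\\command
net_connect 45.139.105.171:80
net_connect 85.31.46.167:443
net_connect 93.184.216.34:443
"""

# C2 addresses as extracted in the report's malware config.
C2_FROM_REPORT = {"45.139.105.171", "85.31.46.167"}

# Assumed locations of locale/country settings (assumption, not from the report).
GEO_PATTERNS = [
    re.compile(r"\\Control Panel\\International\\Geo\\", re.I),
    re.compile(r"\\Control\\Nls\\Language\\", re.I),
]
# Uninstall key root, including the WOW6432Node mirror on 64-bit hosts.
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)


def classify_registry(path: str) -> Optional[str]:
    """Map one registry path to a behaviour tag, or None if uninteresting."""
    if any(p.search(path) for p in GEO_PATTERNS):
        return "geofence"
    if UNINSTALL_RE.search(path):
        return "software_enum"
    return None


def analyze(trace: str, c2: set = C2_FROM_REPORT) -> dict:
    """Count tagged registry accesses and collect contacts to known C2 IPs."""
    tags: Counter = Counter()
    c2_hits = []
    for raw in trace.splitlines():
        line = raw.strip()
        if not line:
            continue
        op, _, target = line.partition(" ")
        target = target.strip()
        if op.startswith("reg_"):
            tags[classify_registry(target) or "other_reg"] += 1
        elif op == "net_connect":
            ip = target.rsplit(":", 1)[0]      # strip the port
            if ip in c2:
                c2_hits.append(ip)
    verdict = []
    if tags["geofence"]:
        verdict.append("Checks computer location settings")
    if tags["software_enum"]:
        verdict.append("Checks installed software on the system")
    if c2_hits:
        verdict.append("Contacts extracted C2 address")
    return {
        "geofence": tags["geofence"],
        "software_enum": tags["software_enum"],
        "other_reg": tags["other_reg"],
        "c2_hits": c2_hits,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_TRACE).items():
        print(f"{key}: {value}")
```

    A single locale lookup is not suspicious on its own; the signal is the combination of a country lookup early in execution, a sweep over Uninstall entries, and a connection to an address from the extracted config, which is why `analyze` reports all three together rather than alerting on any one.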
