General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230110-cf4r7acf41

  • MD5

    1658a9d172c902b693f7327aa2906d93

  • SHA1

    6c210d2dc64b8fa780e11db2c5ef6f9b7b24ad67

  • SHA256

    1571ea73532c5deceee79d3d9c2d1bd891810049f7d0271cd6e39f7a0d0f736c

  • SHA512

    ed38e1af81a43cd51532c966205c15b3647dc29ad21cc20c3152fc9018f9719cc823a355d70a49a860f0abf5c2fb828d2dfd563a3d8aa0310502a7367c5ed48d

  • SSDEEP

    24576:R20i+jOfuvS6KdylIhgSCkJ19J4KuZMBfuVpnRlcLf6Skl5l/Hlc:R2+OfMpKdyZq74YBCRyLIl50

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.1MB

    • MD5

      1658a9d172c902b693f7327aa2906d93

    • SHA1

      6c210d2dc64b8fa780e11db2c5ef6f9b7b24ad67

    • SHA256

      1571ea73532c5deceee79d3d9c2d1bd891810049f7d0271cd6e39f7a0d0f736c

    • SHA512

      ed38e1af81a43cd51532c966205c15b3647dc29ad21cc20c3152fc9018f9719cc823a355d70a49a860f0abf5c2fb828d2dfd563a3d8aa0310502a7367c5ed48d

    • SSDEEP

      24576:R20i+jOfuvS6KdylIhgSCkJ19J4KuZMBfuVpnRlcLf6Skl5l/Hlc:R2+OfMpKdyZq74YBCRyLIl50

    Score
    10/10
    • NyMaim

NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

Looks up entries under the registry Uninstall key to enumerate the software installed on the system.
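The following is an added triage helper, not part of this report or of any sandbox's own code. It takes the indicators listed above (the three hashes and the two C2 addresses) and shows how to check a file and a small set of constructed registry and network events against them. The registry paths used to recognise the two behaviours are assumptions about what the sandbox signatures match on (the standard `Control Panel\International\Geo\Nation` value and the `CurrentVersion\Uninstall` key); the report names the behaviours, not the exact keys. All event data is constructed for the example.

```python
"""Added triage helper for the NyMaim indicators in this report (example, not sandbox code)."""
import hashlib

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "1658a9d172c902b693f7327aa2906d93",
    "sha1": "6c210d2dc64b8fa780e11db2c5ef6f9b7b24ad67",
    "sha256": "1571ea73532c5deceee79d3d9c2d1bd891810049f7d0271cd6e39f7a0d0f736c",
}
NYMAIM_C2 = {"45.139.105.171", "85.31.46.167"}

# Assumption: the two behavioural signatures correspond to these registry locations.
GEO_KEY_SUFFIX = r"\control panel\international\geo"   # value "Nation" = configured country
UNINSTALL_KEY_FRAGMENT = r"\currentversion\uninstall"  # HKLM/HKCU, including WOW6432Node

SIG_GEOFENCE = "Checks computer location settings"
SIG_SOFTWARE = "Checks installed software on the system"


def file_hashes(data: bytes) -> dict:
    """Compute the same digests the report lists, so they can be compared field by field."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every listed digest agrees; one mismatch means it is not this sample."""
    return file_hashes(data) == REPORT_HASHES


def classify_registry_events(events) -> set:
    """Map registry operations (dicts with 'key' and 'value') to the report's signatures."""
    found = set()
    for ev in events:
        key = ev["key"].lower().rstrip("\\")
        value = ev.get("value", "").lower()
        if key.endswith(GEO_KEY_SUFFIX) and value == "nation":
            found.add(SIG_GEOFENCE)
        if UNINSTALL_KEY_FRAGMENT in key:
            found.add(SIG_SOFTWARE)
    return found


def c2_contacts(events) -> set:
    """Return the report's C2 addresses that appear as destinations in network events."""
    return {ev["dst_ip"] for ev in events if ev["dst_ip"] in NYMAIM_C2}


# Constructed sample events (not taken from the report).
REGISTRY_EVENTS = [
    {"op": "RegQueryValue", "key": r"HKEY_CURRENT_USER\Control Panel\International\Geo", "value": "Nation"},
    {"op": "RegOpenKey", "key": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip", "value": ""},
    {"op": "RegQueryValue", "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "value": "OneDrive"},
]
NETWORK_EVENTS = [
    {"dst_ip": "85.31.46.167", "dst_port": 80},
    {"dst_ip": "8.8.8.8", "dst_port": 53},
]


def triage(data: bytes, registry_events, network_events) -> dict:
    """Summarise how a file and its observed behaviour line up with this report."""
    return {
        "hash_match": matches_report(data),
        "signatures": classify_registry_events(registry_events),
        "c2_contacts": c2_contacts(network_events),
    }


if __name__ == "__main__":
    # A placeholder byte string stands in for the real file.exe, which is not on the page.
    print(triage(b"placeholder, not the real sample", REGISTRY_EVENTS, NETWORK_EVENTS))
```

Replace the placeholder bytes with the contents of the file under investigation; a hash match is a positive identification of this exact sample, while signature or C2 hits alone only indicate behaviour consistent with the report and should be read in that light.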

MITRE ATT&CK Enterprise v6
