General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230110-ek8caafd7y

  • MD5

    7de0d0e781a12576880e625330a7f042

  • SHA1

    f01e7c6a22c2dfc53861650442254cbf1d46bc63

  • SHA256

    b7ac4c38eb0254df7abebad1d91a4cb6a9ae89fc8f95a216acea5314681e217d

  • SHA512

    9efb715fff81b6590fbb7e0da4264a2b4bb21b3825875753edcdf976c85538cb597f13bddc26b9c8af06e6f9157e44729b07cdadbbe5d538438068778babeaab

  • SSDEEP

    12288:R20tQcyXjdnvuljIk5FRcu/YiJWj5iGkBLNreAE8WI/FWeXaQ5W5LSklMMdeLu/f:R20ycQdnmlzd/YsqirNrvsBSkl5l/Hld

Score
10/10

Malware Config (Extracted)

  • Family

    nymaim

  • C2

    45.139.105.171

    85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.1MB

    • MD5

      7de0d0e781a12576880e625330a7f042

    • SHA1

      f01e7c6a22c2dfc53861650442254cbf1d46bc63

    • SHA256

      b7ac4c38eb0254df7abebad1d91a4cb6a9ae89fc8f95a216acea5314681e217d

    • SHA512

      9efb715fff81b6590fbb7e0da4264a2b4bb21b3825875753edcdf976c85538cb597f13bddc26b9c8af06e6f9157e44729b07cdadbbe5d538438068778babeaab

    • SSDEEP

      12288:R20tQcyXjdnvuljIk5FRcu/YiJWj5iGkBLNreAE8WI/FWeXaQ5W5LSklMMdeLu/f:R20ycQdnmlzd/YsqirNrvsBSkl5l/Hld

    • Score

      10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks