General

  • Target

    file.exe

  • Size

    1.2MB

  • Sample

    230110-f7qanade68

  • MD5

    0b7009e914c74632b75d77264a183a5b

  • SHA1

    61463df0e4c92de87633c0fd93944f2078309a8a

  • SHA256

    c349b85e0403676346aa59fc646e38519352254898b157e7a029516d9caebe33

  • SHA512

    615c9a128dbefde1a88dd989fd466d128e807c1471b44d7b25f73779959bb14d078951d61e8dfe4a30153f4dc53de4d7b3c4d096adf829f47f34864474148a11

  • SSDEEP

    24576:R20oPYF4XYo0nO9xDhgHRyEsOLMMcOtCRwHdGAMIRZaEu9qISfY5AUSkl5l/Hld:R222oo0O9UHcuCiaT/b5Pl5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks