General

  • Target

    file.exe

  • Size

    1.0MB

  • Sample

    230110-g1gwdaab4y

  • MD5

    1a025469f90579ddfbf636deb5d00e6d

  • SHA1

    395bfa67f35a4cf7153117dcfc9e1611f25cd50e

  • SHA256

    6028b27b45f325390fdfa919e99696fb6ca1475df0f2e375bbc263566cc8d011

  • SHA512

    77138ef6c7054f368bc7e0728c3facdb6c21e2ca39d093def73e22994527123b3d421bfe4b5ffbdd227005719bcad75370fc1b9db5b01f42f666d001478c245b

  • SSDEEP

    24576:R20AcJ+qotzyHksJTpc0jnj4b71NzdO63PRseLM8Skl5l/Hld:R2G9isVpBjM3h/RtMKl5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    Score
    10/10

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
