General

  • Target

    file.exe

  • Size

    1.0MB

  • Sample

    230110-grfxqahg9z

  • MD5

    f3bcacc5b0cfa233c039cd425a13760a

  • SHA1

    eac25c64bc264fb271457e48a10944cf9acef930

  • SHA256

    f735f215e6010f4bfd2290516b6eea1401ef8a27712c7a5d78f1c63b76d0eb06

  • SHA512

    7d21dff743940351e06795fdf0c16ca8adb39154b88298f85c878db67dca4b2e9f4dceeca634e7874f8e30c321d948fedb6844fbfbbb5af92c70cf1e39c3bb1a

  • SSDEEP

    24576:R20l0rtOQxMeGoozHQ7pq7Kg8grGu8z52YT1s6Skl5l/Hld:R21OQGnoqUaMcal5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.0MB

    • MD5

      f3bcacc5b0cfa233c039cd425a13760a

    • SHA1

      eac25c64bc264fb271457e48a10944cf9acef930

    • SHA256

      f735f215e6010f4bfd2290516b6eea1401ef8a27712c7a5d78f1c63b76d0eb06

    • SHA512

      7d21dff743940351e06795fdf0c16ca8adb39154b88298f85c878db67dca4b2e9f4dceeca634e7874f8e30c321d948fedb6844fbfbbb5af92c70cf1e39c3bb1a

    • SSDEEP

      24576:R20l0rtOQxMeGoozHQ7pq7Kg8grGu8z52YT1s6Skl5l/Hld:R21OQGnoqUaMcal5V

    Score
    10/10

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks