General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230110-h4c72afc46

  • MD5

    a5572238befa34a9bf4504320430c8c7

  • SHA1

    c7e65b96cf20413d48bf75a51213b9308ea1574c

  • SHA256

    eb36907f40e26aa64046f1ce3806bfd010b1589c81da26498aab66bd1818d9ec

  • SHA512

    471dfa37a25645f061345597d693dbfb52e6211700fba658e26d86340c74c52ae9261381b6821c4ee0a9d8e23e353e35bd3f55f3dabb98d32cb84528255f36af

  • SSDEEP

    24576:R203Nxje9P+cmPdlu0eUZRG4ZOJp2XzPGsAFPdJsuGSkl5l/Hld:R2gA1+pHuZU3ZOJp0NwPdJsu0l5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks