General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230110-hj7k5sag6x

  • MD5

    54dbe37ae557f3fabab6e75b02148109

  • SHA1

    2686ef3d3aeb3ca80f44782d4ada27b174a1bf79

  • SHA256

    69d03b41e1e490d7370330057004ccd9cf80c85d50b07bb1bca194fc85b27a56

  • SHA512

    aa1a7f5ec91b55f000641beaac721a1edfbc85d3e46e8126e0ed5fd2dcb25cead7f47d7e5c533f9760573f4e1245ba21479f2ab380aedc7b5a9b296dfe9539b5

  • SSDEEP

    24576:R20TiUTvG72VPJjVgYczoG8eqgkmrRNmZ8Qb/VSkl5l/Hld:R2BCGmJeh9kmiOe/Bl5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is a malware family written in C++ with a range of capabilities, first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
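As an added detection example (not part of the sandbox report or its signature set), the Python below matches Procmon-style registry events against the two behaviours listed above: a country-code lookup and enumeration of the Uninstall key. The registry paths it keys on (HKCU\Control Panel\International\Geo\Nation and HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall), the CSV column layout and the sample events are assumptions; the report names the behaviours, not the exact keys. The sample includes a benign explorer.exe read of the Geo key to show why the location check alone is a weak signal and is only escalated when a process trips both rules.

```python
"""Match registry read events against the two NyMaim behaviours from the report.

Input: constructed Procmon-style CSV (Process Name, PID, Operation, Path).
The registry paths below are assumptions about what the sandbox signatures
match; the report itself lists only the behaviours.
"""
import csv
import io
import re
from collections import defaultdict

# Constructed sample events, not taken from the report.
SAMPLE_CSV = """\
Process Name,PID,Operation,Path
file.exe,4120,RegOpenKey,HKCU\\Control Panel\\International\\Geo
file.exe,4120,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation
file.exe,4120,RegOpenKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
file.exe,4120,RegEnumKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall
file.exe,4120,RegQueryValue,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\{ExampleApp}\\DisplayName
explorer.exe,1234,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation
explorer.exe,1234,RegQueryValue,HKCU\\Control Panel\\Desktop\\Wallpaper
"""

# Signature name -> path pattern (assumed keys behind the report's behaviours).
RULES = {
    "checks_computer_location": re.compile(
        r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE),
    "checks_installed_software": re.compile(
        r"\\CurrentVersion\\Uninstall(\\|$)", re.IGNORECASE),
}

# Read-type registry operations; writes are out of scope for these two rules.
READ_OPS = {"RegOpenKey", "RegEnumKey", "RegEnumValue", "RegQueryValue"}


def match_signatures(csv_text):
    """Return {(process, pid): {signature, ...}} for every process whose
    registry reads match at least one rule."""
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Operation"] not in READ_OPS:
            continue
        for name, pattern in RULES.items():
            if pattern.search(row["Path"]):
                hits[(row["Process Name"], int(row["PID"]))].add(name)
    return dict(hits)


def suspicious(hits, min_signatures=2):
    """Processes that tripped at least `min_signatures` distinct rules.
    A lone Geo\\Nation read is common for legitimate software (explorer.exe in
    the sample), so a single hit is reported but not escalated."""
    return sorted(key for key, sigs in hits.items() if len(sigs) >= min_signatures)


if __name__ == "__main__":
    results = match_signatures(SAMPLE_CSV)
    for (proc, pid), sigs in sorted(results.items()):
        print(f"{proc}:{pid} -> {', '.join(sorted(sigs))}")
    print("escalate:", suspicious(results))
```

Run against a real Procmon export by reading the CSV file into `match_signatures`; tighten `READ_OPS` or `min_signatures` to taste once you have seen what benign processes on your baseline image touch these keys.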

MITRE ATT&CK Enterprise v6