General

  • Target: file.exe
  • Size: 1.1MB
  • Sample: 230110-k816rsbc5t
  • MD5: a3a8636edc0cc67cae220bb92125c67b
  • SHA1: 231b6d7a2da1d95bd672a1f60efa95cb4e42f093
  • SHA256: 180f36827740fb634ab470209c5974ecb1a761919767cf4d4172ffbb6d46eedd
  • SHA512: 9961b2f2eab9b46bd0f802c690c25547f3aa6d4310c4019b8a8b3ff5e9effad8962764aa8a8d3ebab4c4a766c22a9ef68d61229a492532b5c1b5daecc26a7462
  • SSDEEP: 24576:R20L3WLP9Bf0GFEprx6zFE79RIPeRYY/K4+FfmBwSkl5l/Hld:R27LP9F/EpFtIGRYYSHl5V

Score: 10/10

Malware Config

Extracted

  • Family: nymaim
  • C2:
    45.139.105.171
    85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks