General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230110-kepwmsfd76

  • MD5

    f513380ecac4532b60d76faf2c45124b

  • SHA1

    a6bd7b8b77c017e854c52e981232981cefcca373

  • SHA256

    e223afe1be87cb857dcbe6b21c4ceb0c78a25d4ea2983ac25abb9d58fd9d275d

  • SHA512

    05719644e9a3269f6d1a8b353f28918a4a53d7dd5ce2b23868b2385d044adcb3abc1bd71cecedcb54396975e25cf7e7bcc2c4c400dd2292f6a6e61c6f73c1122

  • SSDEEP

    24576:R20h5IK4tUIqejthdeuRPV5yYCLpuRFjNJOYmOo7XSSkl5l/Hld:R2O4Lhv90YCluRFpJDmOMol5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks