General

  • Target

    file.exe

  • Size

    1.2MB

  • Sample

    230110-kpbf1abb91

  • MD5

    d5fa0e75a1e60d1010a4af2a07d0211d

  • SHA1

    3c32b47f93afe125ea792a6c8a4371ace5642f0f

  • SHA256

    c8a0f5ca478f472db08fb736e7b1ea7049bf407a2d66a97b98e31374f25db893

  • SHA512

    3bbb97ee8288af1418a6f4ef687b21759bc0b763a4cb3d2d851a5e3d4601f39e29a0f5ca678c02979a7b5e2bdcc932a16863da964f1136245bfc4b6f72221da9

  • SSDEEP

    24576:R20/+556azfi4ciql9vO7LrzA5UhoS+k+c1V+6Skl5l/Hld:R25Iaz3aRULrz9hoMhl5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks