General

  • Target: file.exe
  • Size: 1.0MB
  • Sample: 230110-lr7gwsbc8v
  • MD5: 37c9e1e8591776c97a50d29c9564318b
  • SHA1: 9432e581692dc7c82aaf5cd70230256ae7d0dfeb
  • SHA256: ce079fec8a65567a10c103e9aad0c15a9378fdf85732f5f42fcb00f3f08ae2c4
  • SHA512: ab3ae1e650f0b4432a1be2aa4c6e469fd9adbb917122551769a86254de55139c35d29a03735daec1924aa26b028abd5741541f1955fbc64390f56e8422bc975f
  • SSDEEP: 24576:R20Ak8Q5AVmPpU+KFJaeeTPKYp43Tgknlc51LesEF0/uSkl5l/Hld:R2G8Q6VmPakeenp43Tgknl6esEF0sl5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks