General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230110-mbc4sabd41

  • MD5

    5b83bf855019ed25fdff053e3328156f

  • SHA1

    c5f28311c239d5eeee6a6ce1caf946b4b08a2f33

  • SHA256

    fd73f0045f8d52d8c353c0624f8bb0c880e0df30fade5978d32280d109f579f2

  • SHA512

    7cd2ac79b94f5d8a2192cb042c88b9b4028cadce9676579f71acc0938111c6ddb06bdb3ecb022646edc8c0260220245274e14c7ee3798199f4048e6420292a80

  • SSDEEP

    24576:R20hNiO1gCsjUo/sFWOfqeyDlkOQ31vavkvN7GefvB8Z0Skl5l/Hld:R2vOpsjV0FRuib1iMl7hHy4l5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
