General

  • Target

    file.exe

  • Size

    1.2MB

  • Sample

    230110-pqmmwabg4y

  • MD5

    11472da9785d550e04d131459080900c

  • SHA1

    f9717e1844a36d6814ace57bbdfd9aeda1eeae91

  • SHA256

    b3b43ce90f09ee6f34d9e2959859039b6bca67ba757b9a256e02a9eff4312734

  • SHA512

    eb428b3f220992c65831a35074954ab517e2a21e060eaf88ce8d473f7d6d92a281ae67471abcdcedec9023d880979b99c384c19b75bc7d07eb781b2af76dda77

  • SSDEEP

    24576:R205JZPM27yNbAtLqFdoN/JcDIIKK2M4RTSNGPoMGcfhSkl5l/Hld:R2oMLJAtydoNW2XRhoMll5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe


    Score
    10/10

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks