General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230110-qsdnesca2y

  • MD5

    c9dd85832b7628afe723dfe27b352b7a

  • SHA1

    acc0bc6db748bbb126a59894510c6069324d3243

  • SHA256

    afe6e94ed84c442357f5f1edf24d716adde5dadf4d5b0ccc36b4820817f36a08

  • SHA512

    3ee7f40c26478c917d8d3569c767babc71276c9de1efc7f2bb24a6ccb5d23d59e463b709fb71a0bcb240746610cfc2376809aa11b520cd2c396e090c56251371

  • SSDEEP

    24576:R20WZI7ad3mflZ3M3Ud4+sErgaELK/y1q4NSkl5l/Hld:R2d3mflZ3aUEgCl5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.1MB

    • MD5

      c9dd85832b7628afe723dfe27b352b7a

    • SHA1

      acc0bc6db748bbb126a59894510c6069324d3243

    • SHA256

      afe6e94ed84c442357f5f1edf24d716adde5dadf4d5b0ccc36b4820817f36a08

    • SHA512

      3ee7f40c26478c917d8d3569c767babc71276c9de1efc7f2bb24a6ccb5d23d59e463b709fb71a0bcb240746610cfc2376809aa11b520cd2c396e090c56251371

    • SSDEEP

      24576:R20WZI7ad3mflZ3M3Ud4+sErgaELK/y1q4NSkl5l/Hld:R2d3mflZ3aUEgCl5V

    Score
    10/10
    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks