General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230110-sn1y9sge35

  • MD5

    d2fe007d530fe809610e65bcd2e4a2aa

  • SHA1

    27763d970154e5ba8db33e84e2a9aa4968b38f05

  • SHA256

    f8df4c7f545254d02dc3205296d02bcc870b645dce72e26a8bad566b79e5be22

  • SHA512

    b281a3f19a464c445c6e15592771e3b565d084ecc35c6f1ccdcc93e16741c75bb791de2644174b6ecc458aacf143addb85fad546fba0eb2a60db376ad5ebe6ac

  • SSDEEP

    24576:R20OLrKJewdUmx71DObX+duCNMXOSKQNf0tg7Skl5l/Hld:R232Jt5d0jMM+SLCgXl5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
