General

  • Target: file.exe
  • Size: 1.2MB
  • Sample: 230110-t1cymsgf63
  • MD5: 84fb0906d5d61122c46a7188de5c7171
  • SHA1: 0a8e13e3d8691e2c036c4dd83a2391e481e53a36
  • SHA256: f0448e6c878d844a9ca51d04e8bdcbf94432271017824e3c212aaaf2c2a7efd9
  • SHA512: 52d07a251cb62dc22a334dad4ca40cfd607de89c5a94e925b50ea9a4ec1c4d1572da812b5f82e6c08183e1f0c49cc436e39cf1675e6966e92d41e74f0df0f7ae
  • SSDEEP: 24576:R20fubHm04hvM9Rnvrz3BhyZEJU/V+xYZlnErLVFuFCycSkl5l/Hld:R2DG04hEnnvxhyyJwAxdVFuFCtl5V

Score: 10/10

Malware Config

Extracted

  • Family: nymaim
  • C2:
      45.139.105.171
      85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks