General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230110-vj468sce4s

  • MD5

    4fea6e49f87990ae90945e9c94e97edc

  • SHA1

    4c52e0258e15f48a7e62dc14215c8438fce121a7

  • SHA256

    f28e2ce0fba538e298e8c905fed16979f7e01d2b9d9855e0de4f3e74cda8918a

  • SHA512

    ccfabda1d4a5e8d375d120521b964121f7dec25f902bd05678e07b99882315efd17649be2d798ae457eb151c68249d50d19edd220834575e124e1e766faf9d6e

  • SSDEEP

    24576:R20ovwQyGNLoNYOk3aX+qVob8pLbbYBt13MSkl5l/Hld:R2xvRoND9obuL3o+l5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key to enumerate software installed on the system.
