General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230110-zkvfmshe92

  • MD5

    8192cac8bbaa964230a593fcbc04e235

  • SHA1

    a7cf469af932294b0048f4a65c7d5dc43e5cc860

  • SHA256

    0e22c61847bddcb4c5c90b9895aa4782d1f0eabbcb3cd76b0132ad79dc6b707a

  • SHA512

    687c6dd4ea94b067032e94f3887af61f4f16dde5ef8dfedc7cbe70d4b1d00eb3309f275727fc9fe1f2519b39f4935a8e1c6d2e6d0d223cf581b3f76d38f3ee90

  • SSDEEP

    24576:R20kqsW1OWHp1Wbzar6rZYYGFJpC35qocSkl5l/Hld:R2kDoWfAar6NhAoql5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.