General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230111-bnc4rsab66

  • MD5

    cf1f3d067744f86d1421b8ba5c929f01

  • SHA1

    a1fbcc0fffb6eeb1c21f207b123abaca698f304e

  • SHA256

    63f83429bcf226078b46a31bff7b2aeb4129650b38ac6927eec7adf4b7ec5715

  • SHA512

    4155cfef3d1e19c2b643ee70a8e9cd21ba3d75a0ddd13b38ae35f619db6cf7605873ad987872274d4348a2af12459fd331fa98db8173e2b4fe0ca47d1ad251b3

  • SSDEEP

    24576:R20Oh3zh9LJaLK1SGyXcFOWqo/GLYx2gCkwcKSkl5l/Hld:R2Z3zho7GyXAvV/wXvkvwl5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6