General

  • Target

    file.exe

  • Size

    1.1MB

  • Sample

    230111-c1bbdaea9y

  • MD5

    4798ff14c9050c5e5be4008ce21dfcfb

  • SHA1

    0446d0b9bfa93a51308e2c8984673f7a33ab1c71

  • SHA256

    f22ab9ff0e36205a7fd778ba9ffc6fdb57814846d675532da90b929a4ca99295

  • SHA512

    e4a41fbf997bb40f575f032468a8ae0c58283d53f7c65cf80d88e62a6a8ddd64b9fcf437ef9d8734d135f7ec36df1c8853302c40b248e0af135c80cf262d1d66

  • SSDEEP

    24576:R202Z/7FM5yhWozDeq+AvOY9uMX4vqLA5TAb/aCSkl5l/Hld:R21Thx3n/OY0MI8bi4l5V

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
