General

  • Target

    file.exe

  • Size

    1.4MB

  • Sample

    230111-evs1caad68

  • MD5

    03b6a7b43bc41de80efd13cde5e4335c

  • SHA1

    097d9b72b17a14b0d48d0a63e83996c6ee7813aa

  • SHA256

    d3043bce9e929d551fb5eb3d51044e1cef50560b2c24ffab3bc7346c24ce8b09

  • SHA512

    e547f2317dd0a0e6ff45c67014835ade2d9c9ebabf62bc49f9d4c955af754873a0f636f294a11787854db090d6376984e8fcd1923c9c887fd42d94db89ba326a

  • SSDEEP

    24576:q20IFqKccUk8gQ0x3GKqHEJkyke87aDpcJ634C75eBqgXC75ld1qSVpk:q2YKcXkQu3Mike874aJ631iOd1qapk

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks