General

  • Target

    file.exe

  • Size

    1.4MB

  • Sample

    230111-fekvgaae36

  • MD5

    d6b5c659d97bb9b9e85a826153e25de9

  • SHA1

    a163c1b47443709291e10e5165703572649e81d3

  • SHA256

    6d4989238be976802d93aa3ae911fb669a35124e7104a77e2aef1623fbb27d7e

  • SHA512

    f73e9257d8a94fc5b6726175b483370cddc8c5b770253985f14d73cde8fd69a62c31ede58e50ccc782f18399818ecc65614b29ef25dcd1de947ab2dfbbb473c9

  • SSDEEP

    24576:q20IXcEzSItPQQyF1N31V/dttoddmc9Kjh75nTgP5tpTOxrbDyPkFgXC75ld1qSA:q2MEzSIPQHF1N3Plno7p9OtMrpSx/Dyv

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6