General

  • Target

    file.exe

  • Size

    1.3MB

  • Sample

    230111-jwj62sfd7v

  • MD5

    2a8810d0648a7e48362e905f0a3753c7

  • SHA1

    24e4e062c676014e6f43b4244876bf12336caedf

  • SHA256

    24aae53ebabef7cac45c042c65eaba905865caf6dd71ef84863270baae2e2f63

  • SHA512

    0cd4ff2c0ac3ff780572012f91662e443f0d04ba1cfe88e4ac8a38654e8c7c0509c0d0456ea859de42072c28d06f51e61b09bd6bff84d605bd6c035a04070584

  • SSDEEP

    24576:q20IFEoVCUjPDkSTpVahKa7SVFxvnNgXC75ld1qSVpk:q2eoVN7dT/ahKOc39d1qapk

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks