General
-
Target
file.exe
-
Size
1.5MB
-
Sample
230112-17cd1sfa2z
-
MD5
c0fd07553cf811cca30558dfff08dc42
-
SHA1
1dc57a4ec51025cd0adf7f07ae87fd8f8ccb0d07
-
SHA256
22f55b6fb8f67efba66e66cdb0ae32fd0e93c4e29e855c6794ebd2e854b49b5e
-
SHA512
133f9f6f9ec1d2d4ff47f46b6bf0da792faded0f247c91179b65ca8a119f9d6e8a781b9a8d2b5f2cfa3fc0df229b76caa90e629891f3a036e63488819b039cd9
-
SSDEEP
24576:220Sx+VsSXLxNF1/bC54AOtipMhb3x1mm52qjhSOpZIVwzOy6fvqpIgXC75ld1qP:2287XtP1TCaAQGPqjYfyOd1qapk
Malware Config
Extracted
nymaim
45.139.105.171
85.31.46.167
Targets
-
-
Target
file.exe
-
Size
1.5MB
-
MD5
c0fd07553cf811cca30558dfff08dc42
-
SHA1
1dc57a4ec51025cd0adf7f07ae87fd8f8ccb0d07
-
SHA256
22f55b6fb8f67efba66e66cdb0ae32fd0e93c4e29e855c6794ebd2e854b49b5e
-
SHA512
133f9f6f9ec1d2d4ff47f46b6bf0da792faded0f247c91179b65ca8a119f9d6e8a781b9a8d2b5f2cfa3fc0df229b76caa90e629891f3a036e63488819b039cd9
-
SSDEEP
24576:220Sx+VsSXLxNF1/bC54AOtipMhb3x1mm52qjhSOpZIVwzOy6fvqpIgXC75ld1qP:2287XtP1TCaAQGPqjYfyOd1qapk
Score10/10-
NyMaim
NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-