General

  • Target

    file.exe

  • Size

    1.5MB

  • Sample

    230112-fe4ycaba7v

  • MD5

    b579b6546d79d2e0137b21d35167cc92

  • SHA1

    50b40ac9258d1db7df359b30f3afda81fd3cb6ca

  • SHA256

    553a356a05cecc772e16ab6985ac6efa61d7458e256dc50de2235101ae87a824

  • SHA512

    82a2b26163524531495d8ea21ebe3fa70301699c433cc814046014e51930ea61a654b4a49011197629717421f0a06bf945fcf0d34b7be2bb73bf6993af4faba4

  • SSDEEP

    49152:22807pOABn1dA433dqI4g5bPLd/KN/2d1qapk:Pb7p1nzA2tqNgbzdiNud1Zi

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
