General

  • Target

    file

  • Size

    1.7MB

  • Sample

    230112-mxlcaabe7t

  • MD5

    0147dae786453ffdd3605ea7f63d89ae

  • SHA1

    0563fb8d0cc99e21ced82f228fc33e95fa400089

  • SHA256

    4da15dc32bdeb9405b224478c190a55265d2b0c8a6f38dac35aa4ba032b33f56

  • SHA512

    cb8be85072b10db386b80691f87fe15c1b4c74e07a95616565af9f3fbb4d8cde27dce2ef72e0915a12f321af9209581e2aa2058bbfab9e29dc9cb262b6f8f9f7

  • SSDEEP

    49152:228R46ukhWQRQ9TKzlmGPmI90qMd1qapk:P2ukhW3GzlmGPmIqBd1Zi

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file

    • Size

      1.7MB

    • MD5

      0147dae786453ffdd3605ea7f63d89ae

    • SHA1

      0563fb8d0cc99e21ced82f228fc33e95fa400089

    • SHA256

      4da15dc32bdeb9405b224478c190a55265d2b0c8a6f38dac35aa4ba032b33f56

    • SHA512

      cb8be85072b10db386b80691f87fe15c1b4c74e07a95616565af9f3fbb4d8cde27dce2ef72e0915a12f321af9209581e2aa2058bbfab9e29dc9cb262b6f8f9f7

    • SSDEEP

      49152:228R46ukhWQRQ9TKzlmGPmI90qMd1qapk:P2ukhW3GzlmGPmIqBd1Zi

    Score
    10/10
    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks