General
-
Target
file.exe
-
Size
1.5MB
-
Sample
230112-nnad4afg78
-
MD5
d1516f04a6feba6497ca7c609000e019
-
SHA1
e770b77c30e34b7d6683aa7e42623dbacc4e62c2
-
SHA256
00775c38191eca8445202ad3aff09a275aae111d00b2a87b8ba77162284801e9
-
SHA512
800274ed0ce5c30f5b9ecbe93c265dcdb69e9a93879962ec8366b01a7c2e8145f1ccb0005d48974f7e994f08575fded34ebd89cada79661a92726870a0bfb088
-
SSDEEP
24576:220Sx+Uf/kAE605Im6RqJWVhRPMq2WkU7bKgXC75ld1qSVpk:228O8Aj0im6RqAapWjbud1qapk
Malware Config
Extracted
nymaim
45.139.105.171
85.31.46.167
Targets
-
-
Target
file.exe
-
Size
1.5MB
-
MD5
d1516f04a6feba6497ca7c609000e019
-
SHA1
e770b77c30e34b7d6683aa7e42623dbacc4e62c2
-
SHA256
00775c38191eca8445202ad3aff09a275aae111d00b2a87b8ba77162284801e9
-
SHA512
800274ed0ce5c30f5b9ecbe93c265dcdb69e9a93879962ec8366b01a7c2e8145f1ccb0005d48974f7e994f08575fded34ebd89cada79661a92726870a0bfb088
-
SSDEEP
24576:220Sx+Uf/kAE605Im6RqJWVhRPMq2WkU7bKgXC75ld1qSVpk:228O8Aj0im6RqAapWjbud1qapk
Score10/10-
NyMaim
NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-