General

  • Target

    file.exe

  • Size

    1MB

  • Sample

    230113-emcy6aeb43

  • MD5

    bc675ca6773653ce39517664da28edf6

  • SHA1

    8cd301feb6566d260c1202d8c9c8867640414d29

  • SHA256

    f9851fb5ccfe63fd5fe04fea351bb0ae3ce38ecbfa53d06c71a327a55680ffb7

  • SHA512

    225c60006265195fba4f6e86f352ad362eb4975258b56ea3db4aa2e79d31a860522f6a7299698b88e6355bd5584a9efa920d7a7686f84eab94518ce763fe390b

  • SSDEEP

    24576:D20FVXdILESeGVhAL2NB/KFXgwdlAPQzwenz5ihaq/A/8AjYf+kATuCqtn/:D2KVXSeJ26gKyenzzq/A/8APkATuCE/

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery

    T1012 Query Registry (2)

    T1082 System Information Discovery (2)

Tasks