General

  • Target

    file.exe

  • Size

    1MB

  • Sample

    230113-fdzx1aec93

  • MD5

    383641f4535376f7c5b7877f9b738ece

  • SHA1

    d46daddbdcbee799b6fd39c579689c8cd2ce00ae

  • SHA256

    882cb4e4b9c17e33b9210ba6a328f70b7d0b4974351b85cefde988209cb876d5

  • SHA512

    abb60a6f5c4e8fae70a4cc28a3699b7122e912d2f646d0b21930d058391df93355583f3a62aca75f18faf96891c3fe8fed5bdf697061db67c8dbbbf25fff6129

  • SSDEEP

    24576:g20hhVgla9F5XQiIznEKlz+O/VoijmqXs7I7eSE2GBGp145oGYf+kATuCqtn/:g2QVL9F5XQiIf/rvsq0bO45ZkATuCE/

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 2

  • System Information Discovery (T1082): 2

Tasks