General
-
Target
file.exe
-
Size
1.5MB
-
Sample
230113-k9k6yafg79
-
MD5
1c3eaf8fdd03109dc4bb2e969db3d6f8
-
SHA1
e32749f81ec6c9519098569c7164f7a8c0a3fbce
-
SHA256
e54e5e33dd0492a5d20081d4fa11d1b1c544c1cd7760172fc86953d6ea3f2fad
-
SHA512
a4985f7edb0cf1c09017ade58a0eae8e048be306359d02fa4daafa143f2f203002ef843c91dd1ca3a8e8600020b18c3e7971938099286fbbf2edae5ee55c19c8
-
SSDEEP
24576:g20hhVdOnZy+8ylUouHfgzUC3Bz+MnpEP0qcSevAM8vfN0NvBtnySBd4Yf+kATuD:g2QVovUo6LGzzpccrvQ9mBrckATuCE/
Malware Config
Extracted
nymaim
45.139.105.171
85.31.46.167
Targets
-
-
Target
file.exe
-
Size
1.5MB
-
MD5
1c3eaf8fdd03109dc4bb2e969db3d6f8
-
SHA1
e32749f81ec6c9519098569c7164f7a8c0a3fbce
-
SHA256
e54e5e33dd0492a5d20081d4fa11d1b1c544c1cd7760172fc86953d6ea3f2fad
-
SHA512
a4985f7edb0cf1c09017ade58a0eae8e048be306359d02fa4daafa143f2f203002ef843c91dd1ca3a8e8600020b18c3e7971938099286fbbf2edae5ee55c19c8
-
SSDEEP
24576:g20hhVdOnZy+8ylUouHfgzUC3Bz+MnpEP0qcSevAM8vfN0NvBtnySBd4Yf+kATuD:g2QVovUo6LGzzpccrvQ9mBrckATuCE/
Score10/10-
NyMaim
NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-