Overview

overview

10

Static

static

1909dc145d...33.exe

windows7_x64

10

1909dc145d...33.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1909dc145d81df639d4ad06a8b0b9933.exe

  • Size

    372KB

  • Sample

    220616-pk26dahdh9

  • MD5

    1909dc145d81df639d4ad06a8b0b9933

  • SHA1

    6021d97bd1b948cd072aa02a946999519225369f

  • SHA256

    30bb0e3893bd496f910db1ef709cf766e1277e0b097363798acd32e2a13fb92d

  • SHA512

    df35908ae1e731df25c6764f4d23da0f53396d40951d2ef96e64f3e94f0dea791cc97187473a943326055e612d1e489eceb0898282ee8f49c290f2a99e1cde06

Score
10/10
nymaimtrojan

Malware Config

Extracted

Family

nymaim

C2

37.0.8.39

31.210.20.149

212.192.241.16

Targets

    • Target

      1909dc145d81df639d4ad06a8b0b9933.exe

    • Size

      372KB

    • MD5

      1909dc145d81df639d4ad06a8b0b9933

    • SHA1

      6021d97bd1b948cd072aa02a946999519225369f

    • SHA256

      30bb0e3893bd496f910db1ef709cf766e1277e0b097363798acd32e2a13fb92d

    • SHA512

      df35908ae1e731df25c6764f4d23da0f53396d40951d2ef96e64f3e94f0dea791cc97187473a943326055e612d1e489eceb0898282ee8f49c290f2a99e1cde06

    Score
    10/10
    nymaimtrojan

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

      trojannymaim

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks