nymaim | 503495059153bfa8fa09b59cd78a66af985b6049dc279fdf425135a28dbbf4ed | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-1703-x64

Sharing

General

Target

503495059153bfa8fa09b59cd78a66af985b6049dc279fdf425135a28dbbf4ed
Size

795KB
Sample

220725-vd32zsfaa8
MD5

aef50bdf86f89d69d671353fd2207e8f
SHA1

f394eb58c1db3972c46cb4fc489db67e1d60bd08
SHA256

503495059153bfa8fa09b59cd78a66af985b6049dc279fdf425135a28dbbf4ed
SHA512

2a1f85ebde00147846af3ed340578e1906c2ba7a4ad49de8185438c7e847850db6e40e8a8625d2d3de0919f3a3efb6f132662b6dae33fc70759382c768848283

Score

10^/10

nymaim redline 4 @tag12312341 nam3 infostealer trojan vmprotect

Static task

static1

Behavioral task

behavioral1

Sample

503495059153bfa8fa09b59cd78a66af985b6049dc279fdf425135a28dbbf4ed.exe

Resource

win10-20220718-en

nymaim redline 4 @tag12312341 nam3 infostealer trojan vmprotect

windows10-1703-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

nymaim

C2

208.67.104.9

212.192.241.16

Extracted

Family

redline

Botnet

nam3

C2

103.89.90.61:18728

Attributes

auth_value
64b900120bbceaa6a9c60e9079492895

Extracted

Family

redline

Botnet

4

C2

31.41.244.134:11643

Attributes

auth_value
a516b2d034ecd34338f12b50347fbd92

Extracted

Family

redline

Botnet

@tag12312341

C2

62.204.41.144:14096

Attributes

auth_value
71466795417275fac01979e57016e277

Targets

- Target
  
  503495059153bfa8fa09b59cd78a66af985b6049dc279fdf425135a28dbbf4ed
- Size
  
  795KB
- MD5
  
  aef50bdf86f89d69d671353fd2207e8f
- SHA1
  
  f394eb58c1db3972c46cb4fc489db67e1d60bd08
- SHA256
  
  503495059153bfa8fa09b59cd78a66af985b6049dc279fdf425135a28dbbf4ed
- SHA512
  
  2a1f85ebde00147846af3ed340578e1906c2ba7a4ad49de8185438c7e847850db6e40e8a8625d2d3de0919f3a3efb6f132662b6dae33fc70759382c768848283
Score

10^/10

nymaim redline 4 @tag12312341 nam3 infostealer trojan vmprotect
- NyMaim
  NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
  trojan nymaim
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Drops file in Drivers directory
- Executes dropped EXE
- VMProtect packed file
  Detects executables packed with VMProtect commercial packer.
  vmprotect
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

nymaimredline4@tag12312341nam3infostealertrojanvmprotect

© 2018-2024

Terms | Privacy