nymaim | 21399a0ba530065b123a8e27789516d3b5bc3524f399b54fcec1df2a8cf54a01 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

2185f98715...5e.exe

windows7-x64

2185f98715...5e.exe

windows10-2004-x64

Sharing

General

Target

2185f9871584f842f3860887b2b05c5e.exe
Size

5.1MB
Sample

220911-rmaj9abgb3
MD5

2185f9871584f842f3860887b2b05c5e
SHA1

f7ff56cf61da3989bf014f06f5372de1b33ded93
SHA256

21399a0ba530065b123a8e27789516d3b5bc3524f399b54fcec1df2a8cf54a01
SHA512

fdcd621fa19139d2ca84145d02ac2a87bb8058d737889e85e0a5101a2f9916bdd1c1a794becaa35042c97cb56704ba0ae5cfd13f26f1b2ee6518efac3babf23a
SSDEEP

49152:2PFJCvLqOaSTK5ISawpVpVliC8TkxY+kut4pRju5lhnsVfB0n7:2PFsjqOaSFUK+kumpRyBsV50n7

Score

10^/10

nymaim trojan

Static task

static1

Behavioral task

behavioral1

Sample

2185f9871584f842f3860887b2b05c5e.exe

Resource

win7-20220901-en

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

2185f9871584f842f3860887b2b05c5e.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

- Target
  
  2185f9871584f842f3860887b2b05c5e.exe
- Size
  
  5.1MB
- MD5
  
  2185f9871584f842f3860887b2b05c5e
- SHA1
  
  f7ff56cf61da3989bf014f06f5372de1b33ded93
- SHA256
  
  21399a0ba530065b123a8e27789516d3b5bc3524f399b54fcec1df2a8cf54a01
- SHA512
  
  fdcd621fa19139d2ca84145d02ac2a87bb8058d737889e85e0a5101a2f9916bdd1c1a794becaa35042c97cb56704ba0ae5cfd13f26f1b2ee6518efac3babf23a
- SSDEEP
  
  49152:2PFJCvLqOaSTK5ISawpVpVliC8TkxY+kut4pRju5lhnsVfB0n7:2PFsjqOaSFUK+kumpRyBsV50n7
Score

10^/10

nymaim trojan
- NyMaim
  NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
  trojan nymaim
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.