nymaim | 21399a0ba530065b123a8e27789516d3b5bc3524f399b54fcec1df2a8cf54a01 | Triage

Sharing

General

Target

2185f9871584f842f3860887b2b05c5e.exe
Size

5.1MB
Sample

220911-rmaj9abgb3
MD5

2185f9871584f842f3860887b2b05c5e
SHA1

f7ff56cf61da3989bf014f06f5372de1b33ded93
SHA256

21399a0ba530065b123a8e27789516d3b5bc3524f399b54fcec1df2a8cf54a01
SHA512

fdcd621fa19139d2ca84145d02ac2a87bb8058d737889e85e0a5101a2f9916bdd1c1a794becaa35042c97cb56704ba0ae5cfd13f26f1b2ee6518efac3babf23a
SSDEEP

49152:2PFJCvLqOaSTK5ISawpVpVliC8TkxY+kut4pRju5lhnsVfB0n7:2PFsjqOaSFUK+kumpRyBsV50n7

Score

10^/10

nymaim trojan

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

- Target
  
  2185f9871584f842f3860887b2b05c5e.exe
- Size
  
  5.1MB
- MD5
  
  2185f9871584f842f3860887b2b05c5e
- SHA1
  
  f7ff56cf61da3989bf014f06f5372de1b33ded93
- SHA256
  
  21399a0ba530065b123a8e27789516d3b5bc3524f399b54fcec1df2a8cf54a01
- SHA512
  
  fdcd621fa19139d2ca84145d02ac2a87bb8058d737889e85e0a5101a2f9916bdd1c1a794becaa35042c97cb56704ba0ae5cfd13f26f1b2ee6518efac3babf23a
- SSDEEP
  
  49152:2PFJCvLqOaSTK5ISawpVpVliC8TkxY+kut4pRju5lhnsVfB0n7:2PFsjqOaSFUK+kumpRyBsV50n7
Score

10^/10

nymaim trojan
- NyMaim
  NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
  trojan nymaim
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2