nymaim | a543199fd8c26e4f0ce51764981dd373256aa3cdfbc7ecfe3763e3e4cf3eea42 | Triage

Sharing

General

Target

file.exe
Size

390KB
Sample

220917-amrp4acgem
MD5

c86553df857b1b070745b80260ff4a4b
SHA1

70b512b159f76b35a2d4ff97c6e108984fd730ac
SHA256

a543199fd8c26e4f0ce51764981dd373256aa3cdfbc7ecfe3763e3e4cf3eea42
SHA512

b115fe3380308096d31779ffd18430dbb5a8b099a78262b2331781809db0bd77184086e359f8a1128a08b8f76143ef02c79d2f91d813a396804cc44ac0d75c9e
SSDEEP

6144:mSAuLcL/1YiXOo62xAK5KSnn0fqVJgar8ZqvQJr0eTnigabwVf:fZALNLOoxqEn0f8KaIZ6VAi

Score

10^/10

nymaim trojan

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

- Target
  
  file.exe
- Size
  
  390KB
- MD5
  
  c86553df857b1b070745b80260ff4a4b
- SHA1
  
  70b512b159f76b35a2d4ff97c6e108984fd730ac
- SHA256
  
  a543199fd8c26e4f0ce51764981dd373256aa3cdfbc7ecfe3763e3e4cf3eea42
- SHA512
  
  b115fe3380308096d31779ffd18430dbb5a8b099a78262b2331781809db0bd77184086e359f8a1128a08b8f76143ef02c79d2f91d813a396804cc44ac0d75c9e
- SSDEEP
  
  6144:mSAuLcL/1YiXOo62xAK5KSnn0fqVJgar8ZqvQJr0eTnigabwVf:fZALNLOoxqEn0f8KaIZ6VAi
Score

10^/10

nymaim trojan
- NyMaim
  NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
  trojan nymaim
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2