nymaim | 9f62eb535bbdba09dc711e2228827ab143c482056a70e37256c80c1e76342955 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file
Size

382KB
Sample

220917-kq521ahea7
MD5

8c1859fda00e8653b4b511b178f61bc7
SHA1

44442c40a4183e1f4b8e84320e7aa76b7f3111c1
SHA256

9f62eb535bbdba09dc711e2228827ab143c482056a70e37256c80c1e76342955
SHA512

a6b9884463f2f3dae9d5572c45db7adc7d888c467838e134d36864195540bfa71f4aaf9ea43b5e8f0df3ce979a5332d5c2adbb18cd0df02f5448590af66cb5e3
SSDEEP

6144:T5HfL0cKFJREmXbV1TWqLpW8cNZJVSac5p8sxA4rrGU0XgMnigabwVf:TVfQc0Jb1TWq9YZfc5ptxzOQMi

Score

10^/10

nymaim trojan

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

- Target
  
  file
- Size
  
  382KB
- MD5
  
  8c1859fda00e8653b4b511b178f61bc7
- SHA1
  
  44442c40a4183e1f4b8e84320e7aa76b7f3111c1
- SHA256
  
  9f62eb535bbdba09dc711e2228827ab143c482056a70e37256c80c1e76342955
- SHA512
  
  a6b9884463f2f3dae9d5572c45db7adc7d888c467838e134d36864195540bfa71f4aaf9ea43b5e8f0df3ce979a5332d5c2adbb18cd0df02f5448590af66cb5e3
- SSDEEP
  
  6144:T5HfL0cKFJREmXbV1TWqLpW8cNZJVSac5p8sxA4rrGU0XgMnigabwVf:TVfQc0Jb1TWq9YZfc5ptxzOQMi
Score

10^/10

nymaim trojan
- NyMaim
  NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
  trojan nymaim
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2