General

  • Target: file.exe
  • Size: 284KB
  • Sample: 220925-amrp4adhan
  • MD5: 80e6bd18333c27db9b1f0965de8d9ee3
  • SHA1: 1a729df147eed358f19c834a8110361e40f6452c
  • SHA256: 9861d88c6d1b52d3d521da99f9489ec4db8cd240e39723754fe72631d1c64d42
  • SHA512: 7c2269195952523243b45e6350b6ba674f96869c82c8d7df8b14c9cbd1c2ca94a2f54401bf95506214d88bec7b7a8eef749c6bf70efc45aa1df52abb0f6217f3
  • SSDEEP: 6144:DdL5nP9M8jolMAwv4nuvTMVkp+Des2C9Y:xlnyMoljwBvTMkpCesa

Score: 10/10

Malware Config

Extracted

  • Family: nymaim
  • C2:
      208.67.104.97
      85.31.46.167

Targets

    • Target: file.exe
    • Size: 284KB
    • MD5: 80e6bd18333c27db9b1f0965de8d9ee3
    • SHA1: 1a729df147eed358f19c834a8110361e40f6452c
    • SHA256: 9861d88c6d1b52d3d521da99f9489ec4db8cd240e39723754fe72631d1c64d42
    • SHA512: 7c2269195952523243b45e6350b6ba674f96869c82c8d7df8b14c9cbd1c2ca94a2f54401bf95506214d88bec7b7a8eef749c6bf70efc45aa1df52abb0f6217f3
    • SSDEEP: 6144:DdL5nP9M8jolMAwv4nuvTMVkp+Des2C9Y:xlnyMoljwBvTMkpCesa

    Score: 10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Matrix (ATT&CK v6)

  • Discovery
      Query Registry: T1012 (1)
      System Information Discovery: T1082 (2)

  • Command and Control
      Web Service: T1102 (1)

Tasks