General

  • Target

    file.exe

  • Size

    415KB

  • Sample

    220927-1fwzcaefc4

  • MD5

    2bbd5e6de0a79d3bc3b76f0b996141f9

  • SHA1

    5260c1e39da5ed84fb1d5d232f4ce5d07901a40f

  • SHA256

    49c6e4c85333d50090a51d3d95bbc2ecda4e461dcb0f14f5ca730ebf540f1f9f

  • SHA512

    05a5478f2c4522bf336d17dd61bceb18b8cbb194c1e5cd2b6e96856efceee434958ca29114b9cf7738da1d70218f2772fb2eb9933cea0211e521d29fe5986fe9

  • SSDEEP

    6144:cwa7zbKs6fHNJj8+oJa4HnQ6J0kurPG+tMnbMaLVA0k0PnigabwVfs:cwa7zWpft7F4HnbJ0tMnwgPiB

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      415KB

    • MD5

      2bbd5e6de0a79d3bc3b76f0b996141f9

    • SHA1

      5260c1e39da5ed84fb1d5d232f4ce5d07901a40f

    • SHA256

      49c6e4c85333d50090a51d3d95bbc2ecda4e461dcb0f14f5ca730ebf540f1f9f

    • SHA512

      05a5478f2c4522bf336d17dd61bceb18b8cbb194c1e5cd2b6e96856efceee434958ca29114b9cf7738da1d70218f2772fb2eb9933cea0211e521d29fe5986fe9

    • SSDEEP

      6144:cwa7zbKs6fHNJj8+oJa4HnQ6J0kurPG+tMnbMaLVA0k0PnigabwVfs:cwa7zWpft7F4HnbJ0tMnwgPiB

    Score
    10/10
    • NyMaim

      NyMaim is a C++ malware family with several capabilities (downloader, loader, geofenced execution), first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (refusing to run in certain countries).

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2
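
The hashes in the General and Targets sections and the two C2 addresses from the extracted config are the actionable indicators on this page. The following is an added example, not code from the report or the sandbox that produced it: a small Python IOC matcher that recomputes all four digests of a local file in one pass and compares them against the reported values, sanity-checks that the reported hashes are well-formed (truncated copy/paste is a common failure when pivoting on hashes), and scans log lines for the C2 IPs with address validation so that near-miss strings do not match. The log lines are constructed for the example; the file path argument assumes you hold a quarantined copy of the sample.

```python
"""IOC matcher for the NyMaim sample described in this report (added example)."""
from __future__ import annotations

import hashlib
import ipaddress
import re
from pathlib import Path

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "2bbd5e6de0a79d3bc3b76f0b996141f9",
    "sha1": "5260c1e39da5ed84fb1d5d232f4ce5d07901a40f",
    "sha256": "49c6e4c85333d50090a51d3d95bbc2ecda4e461dcb0f14f5ca730ebf540f1f9f",
    "sha512": (
        "05a5478f2c4522bf336d17dd61bceb18b8cbb194c1e5cd2b6e96856efceee434"
        "958ca29114b9cf7738da1d70218f2772fb2eb9933cea0211e521d29fe5986fe9"
    ),
}
REPORT_C2 = frozenset({"208.67.104.97", "85.31.46.167"})

# Expected hex-digest lengths, used to sanity-check the IOCs before trusting them.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def hash_bytes(data: bytes) -> dict[str, str]:
    """Return lowercase hex digests of `data` for every algorithm in REPORT_HASHES."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str | Path, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Stream a file once through all four hashers (fine for a 415KB sample, scales to large ones)."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def validate_ioc_hashes(iocs: dict[str, str] = REPORT_HASHES) -> dict[str, bool]:
    """Check that each reported hash is hex of the right length (catches truncated copies)."""
    return {
        name: len(value) == DIGEST_HEX_LEN[name]
        and all(c in "0123456789abcdef" for c in value.lower())
        for name, value in iocs.items()
    }


def matches_report(computed: dict[str, str], expected: dict[str, str] = REPORT_HASHES) -> dict[str, bool]:
    """Compare computed digests with the reported ones; all four must agree for the same bytes."""
    return {name: computed.get(name, "").lower() == value.lower() for name, value in expected.items()}


def scan_log_for_c2(lines, c2: frozenset[str] = REPORT_C2) -> list[tuple[int, str]]:
    """Return (1-based line number, ip) for every valid IPv4 literal that is a known C2."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for token in IPV4_RE.findall(line):
            try:
                ip = str(ipaddress.IPv4Address(token))  # rejects octets > 255 (near-miss strings)
            except ValueError:
                continue
            if ip in c2:
                hits.append((lineno, ip))
    return hits


# Constructed proxy/firewall log lines (not from the report); line 4 is a deliberate near-miss.
SAMPLE_LOG = [
    "2022-09-27T13:01:02Z proxy src=10.0.0.15 dst=208.67.104.97 dport=80 method=GET uri=/",
    "2022-09-27T13:01:05Z proxy src=10.0.0.15 dst=198.51.100.7 dport=443 method=CONNECT",
    "2022-09-27T13:02:11Z fw src=10.0.0.22 dst=85.31.46.167 dport=443 action=allow",
    "2022-09-27T13:02:12Z fw src=10.0.0.22 dst=208.67.104.970 dport=443 action=allow",
]

if __name__ == "__main__":
    import sys
    print("IOC hash formats OK:", validate_ioc_hashes())
    if len(sys.argv) > 1:  # hash a local file, e.g. a quarantined copy of file.exe
        print("hash match:", matches_report(hash_file(sys.argv[1])))
    print("C2 hits:", scan_log_for_c2(SAMPLE_LOG))
```

Run it with the path of a suspect file to get a per-algorithm match table; a file that matches on MD5 alone but not on SHA256 should be treated as a mismatch, which is why all four digests are compared rather than the weakest one. Note that the two C2 addresses sit on hosting providers (the "Legitimate hosting services abused" signature above), so an IP hit is a strong lead but the surrounding hosts on the same provider are not automatically malicious.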

MITRE ATT&CK Enterprise v6

Tasks