General

  • Target

    file.exe

  • Size

    406KB

  • Sample

    220927-nat7caeeaj

  • MD5

    dd7b89d15b85c9e180691169abb013c9

  • SHA1

    abc22ddffbf788f4fd932af0af0c8a9d6967a007

  • SHA256

    911d9e4d866dd40977be27cf581a457662b752d2121af307e6fce83cabc6b6f1

  • SHA512

    5c33add21f65d2ad3ebc984850d046a4dc286019a5faeae17ca6d51f4c0871330fc9b5660ed2dcde327c3d9d69daf6ac1e577526479c67f05c209d8a2a5b4f00

  • SSDEEP

    6144:g+5ZnPNUIoK0o14q9DOezc6ncyuIsvlwN90FQnigabwVf:g+nPNUItAEc9IsdhFQi

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks