General

  • Target

    file.exe

  • Size

    371KB

  • Sample

    220929-te2pwaccep

  • MD5

    d0053c55d6cd2aa8c70aae3bd5f95032

  • SHA1

    b411c19fd2242e49ef16c48598cb7a6887932ad6

  • SHA256

    8e20aa3f6c6659be8b5bb84028d4481f57df81488aaa4a56f333ffee3e13bef3

  • SHA512

    1ad7a431e70633e985feb5d30c99265bc6eb3d736ffe886330ceb6c50feb7dbe2d18d2b2cb43f5db816b4ec44266707b7575bafc2680e8f041df05456ff0e4c7

  • SSDEEP

    6144:Wnz7Hxcm9IKtPwvqv91DF1CinzFJuzbgwuO0Ma8wVfg3L:WvHxc1KtP/vx1CinzunnwM/3

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v6

Tasks