nymaim | 5d59918ce4a82077f71fa248bf45aea8b1937adbbafd5cf0d1c518799007acfb | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

220KB
Sample

221003-jfs41sfadn
MD5

5ad8f4a88035e5e94787e34004b0e58c
SHA1

998908ccbf798430c268c4f4ff2fd5c8db07c142
SHA256

5d59918ce4a82077f71fa248bf45aea8b1937adbbafd5cf0d1c518799007acfb
SHA512

5b6945ac9c6f961fa289fb31b198a5a651c72b139f76b708fdb98c1eedc0df9eb5368f87f573254d0a1f7051f333dd6143a5e0672cf1d1c5a82dd416fb1e6a24
SSDEEP

3072:9BbhegORVLV/xlGqg56+Ua3WWakts8DH/RMt03IXCmYvRGe31kntVP+paM5utMHl:9ehJl0GaNDhetEyCHvRGeFwPBIuS

Score

10^/10

nymaim trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20220901-en

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20220812-en

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

- Target
  
  file.exe
- Size
  
  220KB
- MD5
  
  5ad8f4a88035e5e94787e34004b0e58c
- SHA1
  
  998908ccbf798430c268c4f4ff2fd5c8db07c142
- SHA256
  
  5d59918ce4a82077f71fa248bf45aea8b1937adbbafd5cf0d1c518799007acfb
- SHA512
  
  5b6945ac9c6f961fa289fb31b198a5a651c72b139f76b708fdb98c1eedc0df9eb5368f87f573254d0a1f7051f333dd6143a5e0672cf1d1c5a82dd416fb1e6a24
- SSDEEP
  
  3072:9BbhegORVLV/xlGqg56+Ua3WWakts8DH/RMt03IXCmYvRGe31kntVP+paM5utMHl:9ehJl0GaNDhetEyCHvRGeFwPBIuS
Score

10^/10

nymaim trojan
- NyMaim
  NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
  trojan nymaim
- Downloads MZ/PE file
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Legitimate hosting services abused for malware hosting/C2
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy