General

  • Target

    file.exe

  • Size

    405KB

  • Sample

    221010-r75k5acca5

  • MD5

    eabf529b6670896aa7be9ebf12c8c4be

  • SHA1

    c11ba0946fb54213f128152214b201e438e77003

  • SHA256

    9c6e7d1cc84f620c9f9d01c11bb7bdc1e7b8412b7698aed8b836cc386e089031

  • SHA512

    6cfd6dbd1ce910579827698ffb4383a68ca50503bbfa83e875d762e29a8c64a077e52b4eaedd8d6ee23c74cc9541cfc6674504106e2bec307b2ab08b265b0f39

  • SSDEEP

    6144:+oe0SgPX/qIy7F3Ulc1pRs30Va2l2lU7dzQW1LrrwVfquS:+o/X/qWsRKZK7+4rd

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

208.67.104.97

85.31.46.167

Targets

    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Deletes itself

    • Loads dropped DLL
