Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    2.4MB

  • Sample

    221019-gqwa1sfdfp

  • MD5

    c6f36c225f1811f6cafe6e6409200a26

  • SHA1

    2e958f8be269399945ba31554d3e32c4bc02e3ea

  • SHA256

    19855cf2c3c1cd3eddd958cccc30d22567cb44ba59b4bee30fa40531ad201137

  • SHA512

    fb3c48f6306f1c772c1a6cfa83df982615125f9e5a292e37340460b69cedf05e3695dae7d96827a6ecdc703c9ac8b3bdd92ccd7648eb54f773bacecb6dde3470

  • SSDEEP

    49152:Z2XEhwfjhol4u94+A9eunbWA34OHUqIp109AMB+fR0A5hq:MXEhwNol4+3uKOHUzpO9GZbDq

Score
10/10
nymaimdiscoverytrojan

Malware Config

Extracted

Family

nymaim

C2

45.15.156.54

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      2.4MB

    • MD5

      c6f36c225f1811f6cafe6e6409200a26

    • SHA1

      2e958f8be269399945ba31554d3e32c4bc02e3ea

    • SHA256

      19855cf2c3c1cd3eddd958cccc30d22567cb44ba59b4bee30fa40531ad201137

    • SHA512

      fb3c48f6306f1c772c1a6cfa83df982615125f9e5a292e37340460b69cedf05e3695dae7d96827a6ecdc703c9ac8b3bdd92ccd7648eb54f773bacecb6dde3470

    • SSDEEP

      49152:Z2XEhwfjhol4u94+A9eunbWA34OHUqIp109AMB+fR0A5hq:MXEhwNol4+3uKOHUzpO9GZbDq

    Score
    10/10
    nymaimdiscoverytrojan

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

      trojannymaim

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks