General

  • Target

    file.exe

  • Size

    2.3MB

  • Sample

    221025-g93t7sbgcl

  • MD5

    707b7e52249d5d69bcab9380e8864512

  • SHA1

    ac9730e9fbf2d17d62138c8f1cc664e61c874245

  • SHA256

    0153af8dcd29aa8d23280358833684fa6f8609820346580983091a0482917a25

  • SHA512

    9d33cd155800365c581d54f6dd9199f9820d71c8508813e88f2b6415f082a216289565fdda7c4a8b4213e4553ced5c8d2a5d3973539051e1b8c1852e386dfe77

  • SSDEEP

    49152:Z2F8CYH9I5uAGCA/6eD+3TrbJBkbkPtf/xJAbKm4L/Vhi2D+L5C8EOA5hq:MF15lGCbeWrbJBkbg/cmnTR8gVDq

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      2.3MB

    • MD5

      707b7e52249d5d69bcab9380e8864512

    • SHA1

      ac9730e9fbf2d17d62138c8f1cc664e61c874245

    • SHA256

      0153af8dcd29aa8d23280358833684fa6f8609820346580983091a0482917a25

    • SHA512

      9d33cd155800365c581d54f6dd9199f9820d71c8508813e88f2b6415f082a216289565fdda7c4a8b4213e4553ced5c8d2a5d3973539051e1b8c1852e386dfe77

    • SSDEEP

      49152:Z2F8CYH9I5uAGCA/6eD+3TrbJBkbkPtf/xJAbKm4L/Vhi2D+L5C8EOA5hq:MF15lGCbeWrbJBkbg/cmnTR8gVDq

    Score
    10/10
    • NyMaim

      NyMaim is a malware family written in C++ and first seen in 2013; it is typically used as a downloader and dropper that fetches and runs further payloads.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry (the user's locale/geographic setting), most likely to geofence execution so the sample does not run in certain countries.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up entries under the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to enumerate software installed on the system, for example to detect security products or analysis tools.
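The behaviours and indicators above can be turned into a small hunting check. The block below is an added example, not part of the sandbox report or the NyMaim sample: it scans constructed Sysmon-style events (event IDs 12/13 for registry access, 3 for network connections; the events themselves are made up for illustration) for the registry country-code lookup, Uninstall-key enumeration and contact with the two extracted C2 addresses, and it checks a file's SHA256 against the report. The assumption that the location check reads the Geo\Nation value under HKCU\Control Panel\International is the editor's, not a statement from the report.

```python
"""Hunting helper built from the indicators in this report (added example).

It does not run the sample; it classifies constructed Sysmon-style events
against the behaviours the report lists and checks a file hash against the
report's SHA256.  All event data below is constructed, not captured telemetry.
"""
import hashlib
from collections import defaultdict

# Indicators copied from the report above.
C2_IPS = {"45.139.105.171", "85.31.46.167"}
SAMPLE_SHA256 = "0153af8dcd29aa8d23280358833684fa6f8609820346580983091a0482917a25"

# Registry paths behind the two signatures (lower-cased for matching).
# Assumption: the "country code" the sample reads is the Geo\Nation value,
# which is where Windows stores the user's configured country.
GEO_KEY = r"control panel\international\geo\nation"
UNINSTALL_KEY = r"software\microsoft\windows\currentversion\uninstall"

# Constructed Sysmon-like events: (event_id, image, target).
# EID 12/13 carry a registry key or value path, EID 3 a destination IP.
SAMPLE_EVENTS = [
    (13, r"C:\Users\u\file.exe", r"HKU\S-1-5-21-1\Control Panel\International\Geo\Nation"),
    (12, r"C:\Users\u\file.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"),
    (12, r"C:\Users\u\file.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++"),
    (3,  r"C:\Users\u\file.exe", "45.139.105.171"),
    (3,  r"C:\Windows\explorer.exe", "8.8.8.8"),
    (12, r"C:\Windows\System32\svchost.exe", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB5000"),
]


def classify(events):
    """Map each process image to the set of report behaviours it exhibits."""
    hits = defaultdict(set)
    uninstall_subkeys = defaultdict(set)
    for event_id, image, target in events:
        t = target.lower()
        if event_id in (12, 13) and t.endswith(GEO_KEY):
            hits[image].add("checks_location")
        elif event_id in (12, 13) and UNINSTALL_KEY in t:
            # Remember which Uninstall subkey was touched; counted below.
            uninstall_subkeys[image].add(t.rsplit("\\", 1)[-1])
        elif event_id == 3 and target in C2_IPS:
            hits[image].add("c2_contact")
    # A single Uninstall read is normal for installers and updaters; two or
    # more distinct subkeys from one process is treated as enumeration.
    for image, subkeys in uninstall_subkeys.items():
        if len(subkeys) >= 2:
            hits[image].add("enumerates_software")
    return dict(hits)


def suspicious_images(events, min_behaviours=2):
    """Images showing at least `min_behaviours` of the report's behaviours."""
    return sorted(img for img, b in classify(events).items() if len(b) >= min_behaviours)


def matches_sample(data):
    """True if `data` hashes to the report's SHA256 (compare full digests, not prefixes)."""
    return hashlib.sha256(data).hexdigest() == SAMPLE_SHA256


if __name__ == "__main__":
    for image, behaviours in classify(SAMPLE_EVENTS).items():
        print(image, sorted(behaviours))
    print("suspicious:", suspicious_images(SAMPLE_EVENTS))
    print("constructed bytes match sample:", matches_sample(b"not the sample"))
```

Requiring two of the three behaviours per process keeps a lone Uninstall read or a single geo lookup (both common in legitimate software) from firing on its own, while the C2 addresses match on their own and should be blocked at the perimeter regardless.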

MITRE ATT&CK Enterprise v6

Tasks