General

  • Target

    file.exe

  • Size

    2.3MB

  • Sample

    221030-e5ynkscbe5

  • MD5

    cadf788f7b70ce95d17672096efc0cf0

  • SHA1

    eb5772049036ced8639635ed73c1a967bfd4f0c7

  • SHA256

    87fa13db9d1bec205a2962f07998ddcf309ba27df58762e6ce6b38833ae9cb93

  • SHA512

    03075de794cade71e9939dc595686ef4837294891cdef136d8205d74c83e9adbe20dae95fb1a35b26dad3495144106301c223e54d1d79072083f16c1e4d37446

  • SSDEEP

    49152:Z29iO1x1XXHSjB2uz0NnaE/qad7cvVjSdJPiylA5hq:MkODdyJ0Na7vVjSNGDq

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
