nymaim | 2b11ad3994b31b11b321e7281b5593be0fb9c40d8367f3c95d437c1c543f7f99 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cbe5ad908eaff3c57dc24bd937c2268e380926ea39e69cd77d0ad7854aa73f19
Size

228KB
Sample

221031-vr7bkacdcr
MD5

1f16a65728ff8b555da42647e94a03f8
SHA1

5608b2698cdabf97569ed230efa007bc8de1dd95
SHA256

2b11ad3994b31b11b321e7281b5593be0fb9c40d8367f3c95d437c1c543f7f99
SHA512

0d68b09d1faa367aa5828d5991e27d27848ec35cb404116eac925cb6cafd030b72b30695032daa7f1bd549d9b0c927e6219c46a6c1793eb1fa4e4ebe243502e4
SSDEEP

6144:xAMjyyWVswvZFLWyE6tyWxYObyHByYxTfloQFOOwjFJO77g2:qMBXw+yJ4WxYObcyY7KOWY7E2

Score

10^/10

nymaim trojan

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

- Target
  
  cbe5ad908eaff3c57dc24bd937c2268e380926ea39e69cd77d0ad7854aa73f19
- Size
  
  300KB
- MD5
  
  baf64e13d868293522c6014a07f5d8f7
- SHA1
  
  548fdfb25fd58942eb2f9bd291408498ee441448
- SHA256
  
  cbe5ad908eaff3c57dc24bd937c2268e380926ea39e69cd77d0ad7854aa73f19
- SHA512
  
  c4a859582ba7f077a951eedee292c4acdccfdb0287f0611ca85970fb6392d9502bca64d6bb6e21ba9c4a6524adcb94a7a803c000d837f0fd8bd1b949ef1ac095
- SSDEEP
  
  6144:GdAowps+XLtSolGtyWxYOPyHByYxNfloQFOOwhFJOy3odai:GdKiuRS94WxYOPcyYJKOOYyFi
Score

10^/10

nymaim trojan
- NyMaim
  NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
  trojan nymaim
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2