General

  • Target

    file

  • Size

    2.8MB

  • Sample

    221107-la2kbahea6

  • MD5

    7e51541a1b24079d15479008ab51f9a0

  • SHA1

    5a558038b732a19f8d498b7e186642d81fbb70d8

  • SHA256

    92e03f4fa8da4dba74ff34c978183462731724c0c1dd32b535d34f39ac8fe5c0

  • SHA512

    a44fc89f5144d1c3cb2ebb26bb28a540621c1fb1c2f01799580bce7c4d834f23053b8eb0b3d45a47702d3642651ed72362705c744482ac106f883aa6074348d6

  • SSDEEP

    49152:Z2VN1ERpdepmqQve75WzYGqc20zgHu3NCUbEVnUH/XsZi1hc4PA5hq:Mj1Ipdepp5W0Gqp0zg8MUPxgDq

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file

    • Size

      2.8MB

    • MD5

      7e51541a1b24079d15479008ab51f9a0

    • SHA1

      5a558038b732a19f8d498b7e186642d81fbb70d8

    • SHA256

      92e03f4fa8da4dba74ff34c978183462731724c0c1dd32b535d34f39ac8fe5c0

    • SHA512

      a44fc89f5144d1c3cb2ebb26bb28a540621c1fb1c2f01799580bce7c4d834f23053b8eb0b3d45a47702d3642651ed72362705c744482ac106f883aa6074348d6

    • SSDEEP

      49152:Z2VN1ERpdepmqQve75WzYGqc20zgHu3NCUbEVnUH/XsZi1hc4PA5hq:Mj1Ipdepp5W0Gqp0zg8MUPxgDq

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
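The signatures above and the extracted C2 addresses are only useful once they are turned into something that can be run against your own telemetry. The script below is an added example and not part of the sandbox report: it takes the file hashes and the two C2 addresses exactly as the report lists them, and replays the report's behavioural signatures (dropped EXE executed, dropped DLL loaded, geofence lookup, Uninstall-key enumeration, C2 connection) over a handful of Process Monitor-style log lines that are constructed here for the demonstration. The registry paths it matches (`Control Panel\International\Geo\Nation` and `Microsoft\Windows\CurrentVersion\Uninstall`) are an assumption about what the sandbox's "location settings" and "installed software" signatures look for; the report itself does not name the keys.

```python
"""IOC and behaviour matcher built from the NyMaim sandbox report above.

Added example, not the sandbox's own code. Hashes and C2 addresses come from
the report; the log lines and the two registry paths are constructed
assumptions for the demonstration.
"""
import hashlib
import re
from collections import defaultdict

# Indicators copied from the report.
SAMPLE_MD5 = "7e51541a1b24079d15479008ab51f9a0"
SAMPLE_SHA256 = "92e03f4fa8da4dba74ff34c978183462731724c0c1dd32b535d34f39ac8fe5c0"
C2_ADDRS = {"45.139.105.171", "85.31.46.167"}

# Assumed registry paths behind the two behavioural signatures (not stated on the page).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
# Process Monitor prints TCP Connect paths as "src:port -> dst:port".
TCP_DST_RE = re.compile(r"->\s*(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def file_hashes(data: bytes) -> dict:
    """MD5 and SHA256 of a file's bytes, for comparison against the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_match(data: bytes) -> bool:
    """True if the bytes are the sample from the report (either hash suffices)."""
    h = file_hashes(data)
    return h["md5"] == SAMPLE_MD5 or h["sha256"] == SAMPLE_SHA256


def analyse(lines) -> dict:
    """Replay the report's signatures over tab-separated 'process<TAB>operation<TAB>path' lines.

    Returns {signature name: [details...]}. Files written earlier in the trace
    are remembered so that a later Process Create / Load Image on the same
    path counts as executing or loading a *dropped* file.
    """
    dropped = set()
    findings = defaultdict(list)
    for line in lines:
        parts = line.rstrip("\n").split("\t", 2)
        if len(parts) != 3 or line.startswith("#"):
            continue
        _proc, op, path = parts
        if op == "WriteFile":
            dropped.add(path.lower())
        elif op == "Process Create" and path.lower() in dropped:
            findings["Executes dropped EXE"].append(path)
        elif op == "Load Image" and path.lower() in dropped:
            findings["Loads dropped DLL"].append(path)
        elif op == "TCP Connect":
            m = TCP_DST_RE.search(path)
            if m and m.group(1) in C2_ADDRS:
                findings["C2 connection"].append(f"{m.group(1)}:{m.group(2)}")
        elif op.startswith("Reg") and GEO_KEY_RE.search(path):
            findings["Checks computer location settings"].append(path)
        elif op.startswith("Reg") and UNINSTALL_KEY_RE.search(path):
            findings["Checks installed software on the system"].append(path)
    return dict(findings)


# Constructed trace, not captured from the real sample.
SAMPLE_LOG = (
    "sample.exe\tWriteFile\tC:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe\n"
    "sample.exe\tWriteFile\tC:\\Users\\user\\AppData\\Local\\Temp\\helper.dll\n"
    "sample.exe\tProcess Create\tC:\\Users\\user\\AppData\\Local\\Temp\\stage2.exe\n"
    "stage2.exe\tLoad Image\tC:\\Users\\user\\AppData\\Local\\Temp\\helper.dll\n"
    "stage2.exe\tRegQueryValue\tHKCU\\Control Panel\\International\\Geo\\Nation\n"
    "stage2.exe\tRegEnumKey\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\n"
    "stage2.exe\tRegOpenKey\tHKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\7-Zip\n"
    "stage2.exe\tTCP Connect\tdesktop-1:49712 -> 45.139.105.171:80\n"
    "stage2.exe\tTCP Connect\tdesktop-1:49713 -> 8.8.8.8:53\n"
)

if __name__ == "__main__":
    for sig, details in analyse(SAMPLE_LOG.splitlines()).items():
        print(f"{sig} ({len(details)}x): {details[0]}")
```

The DNS connection to 8.8.8.8 is deliberately left out of the C2 findings, and the Uninstall enumeration fires twice (once for the parent key, once for a subkey), which is the usual shape of that signature in a real trace; a hunt would normally collapse those into one hit per process. Swap `SAMPLE_LOG` for your own exported trace and the hash helpers for a read of the file on disk to use it against real data.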

MITRE ATT&CK Enterprise v6

Tasks