Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.2MB

  • Sample

    221123-hs7x9shh4v

  • MD5

    e725d19205f4d3856f3937ebb68d166b

  • SHA1

    93370520c15f18dd4a7e6b9bd0a4c64ef739e99d

  • SHA256

    dcfc742cb49800baa0ccdd7ce5dd46dbed34a65b0c321298a896c067817c2aea

  • SHA512

    c4feb947cf649a4ca377f4405e802d611168f7de245837957f07013db87095cf84adb9e45f4d4741914d833db1fd611638d416bdc4da8cae6e87db67d8250649

  • SSDEEP

    24576:Jiz3IT4Oa9JRWtMEAdvYoul4dDy3gxlcMnXTgZIY7eCLxYig:CYtahWuEAVYoDdDyQrVX8NeVig

Score
10/10
nymaimdiscoverytrojan

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.2MB

    • MD5

      e725d19205f4d3856f3937ebb68d166b

    • SHA1

      93370520c15f18dd4a7e6b9bd0a4c64ef739e99d

    • SHA256

      dcfc742cb49800baa0ccdd7ce5dd46dbed34a65b0c321298a896c067817c2aea

    • SHA512

      c4feb947cf649a4ca377f4405e802d611168f7de245837957f07013db87095cf84adb9e45f4d4741914d833db1fd611638d416bdc4da8cae6e87db67d8250649

    • SSDEEP

      24576:Jiz3IT4Oa9JRWtMEAdvYoul4dDy3gxlcMnXTgZIY7eCLxYig:CYtahWuEAVYoDdDyQrVX8NeVig

    Score
    10/10
    nymaimdiscoverytrojan

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

      trojannymaim

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks