Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.4MB

  • Sample

    221123-p9sy1agd8s

  • MD5

    d042c1d9563bec15fa9b4d42c5a9efc1

  • SHA1

    e55c427ef95d2be30a3818ce1dfd36be6fa84600

  • SHA256

    8cfda84a278b5427942be71112f790b91b29fd782e8a462a37b5f8194bf621a2

  • SHA512

    7047bca31534b566c0102fc48f3680db97e1aa0fa77bb73497b3b933b03bc2a38ad541723afa68293cad63a4a9793fe33cc8bf0d2f725bb3bae75cb1b1c39733

  • SSDEEP

    24576:RizWMMGW2twZ06yojH+D5v5+5+6ilkGq7aKTIopzZIHafeTIGCz37jJOt4TJKbAQ:6rL96yPm5+1STIopzZIHafeT30cuhNeZ

Score
10/10
nymaimdiscoverytrojan

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.4MB

    • MD5

      d042c1d9563bec15fa9b4d42c5a9efc1

    • SHA1

      e55c427ef95d2be30a3818ce1dfd36be6fa84600

    • SHA256

      8cfda84a278b5427942be71112f790b91b29fd782e8a462a37b5f8194bf621a2

    • SHA512

      7047bca31534b566c0102fc48f3680db97e1aa0fa77bb73497b3b933b03bc2a38ad541723afa68293cad63a4a9793fe33cc8bf0d2f725bb3bae75cb1b1c39733

    • SSDEEP

      24576:RizWMMGW2twZ06yojH+D5v5+5+6ilkGq7aKTIopzZIHafeTIGCz37jJOt4TJKbAQ:6rL96yPm5+1STIopzZIHafeT30cuhNeZ

    Score
    10/10
    nymaimdiscoverytrojan

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

      trojannymaim

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks