Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.3MB

  • Sample

    221123-pf2n2sbc75

  • MD5

    40a441dbadc44139a05155ba53b1a150

  • SHA1

    ed621159ed478e6d9186164f4637315a110273cb

  • SHA256

    04dbd463c557af8dd3c6354882561a5b65add1049b7fd80d2af01039c07e8da3

  • SHA512

    8b4664715fa5deb48970b6b973991a2656be8a320d60a6d6a0fef4a54874e220a3f3a52af98c507693e48ca00e05b7f85deb964e7cc4938a8bf450dc7c9a1ab1

  • SSDEEP

    24576:9izS+osa1CiPYheFMyL4h3umkG4i7oAMLKxFYM2utj1g1iwpZjNuf5OJYgZIY7ee:W1osaoiP80dQePG4i7dMLK/YM2ojyik9

Score
10/10
nymaimdiscoverytrojan

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.3MB

    • MD5

      40a441dbadc44139a05155ba53b1a150

    • SHA1

      ed621159ed478e6d9186164f4637315a110273cb

    • SHA256

      04dbd463c557af8dd3c6354882561a5b65add1049b7fd80d2af01039c07e8da3

    • SHA512

      8b4664715fa5deb48970b6b973991a2656be8a320d60a6d6a0fef4a54874e220a3f3a52af98c507693e48ca00e05b7f85deb964e7cc4938a8bf450dc7c9a1ab1

    • SSDEEP

      24576:9izS+osa1CiPYheFMyL4h3umkG4i7oAMLKxFYM2utj1g1iwpZjNuf5OJYgZIY7ee:W1osaoiP80dQePG4i7dMLK/YM2ojyik9

    Score
    10/10
    nymaimdiscoverytrojan

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

      trojannymaim

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks