General

  • Target

    file.exe

  • Size

    1.2MB

  • Sample

    221123-xe665shg8s

  • MD5

    e28c126852fa8e1fb49b4a25afdca139

  • SHA1

    faa978cf44979d4f203f65bc8f47ea090c0c2c06

  • SHA256

    33363a25a1d5dd1390067bacdea908ef9ab906e9e91970e90e1d82446562e32c

  • SHA512

    f7cfc4bdddc34de88f9f4efcdf0666d560f747bc6ccfbbca4ff76076c8779cda3f21615ae5c49e1eb135819aa08ba0046f86300e4ea5968b2c9d99c920d8d272

  • SSDEEP

    24576:5izHOP9k0DH6CTZpAs6LQ34KliqS7Rr9K7+6z1Cs5z6xgZIY7eCLxYi3:yHOP9k0D712Q348aRrk7+ar6eNeVi3

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
