nymaim | 32474b6648ae92b066f322dfbed06b0cb51b203f0309ae0f79f4732650c7a13d | Triage

Sharing

General

Target

file
Size

1.4MB
Sample

221124-zv2mpshg79
MD5

37137f41a2ecc1e2b9eb829d95723597
SHA1

301385ae91a430970b221e1712ab8553403c8092
SHA256

32474b6648ae92b066f322dfbed06b0cb51b203f0309ae0f79f4732650c7a13d
SHA512

2bc6924602b2111a555f98a9526fd7ea707fc2bed5cfae0064c078879b388fd3d3b0a98e9ffd5cad2acb17dd487e512e5f13e46c714b6a17ff3e738c0158d374
SSDEEP

24576:xizGbxrOiiOxXq3A58V3tuLfMZs1QGKNEZJCz4SsJihtpEEmEpHvetwCgZIY7eCT:aGbgiidV3afMZ0BEUA4P6p1mGHmtYNek

Score

10^/10

nymaim discovery trojan

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

- Target
  
  file
- Size
  
  1.4MB
- MD5
  
  37137f41a2ecc1e2b9eb829d95723597
- SHA1
  
  301385ae91a430970b221e1712ab8553403c8092
- SHA256
  
  32474b6648ae92b066f322dfbed06b0cb51b203f0309ae0f79f4732650c7a13d
- SHA512
  
  2bc6924602b2111a555f98a9526fd7ea707fc2bed5cfae0064c078879b388fd3d3b0a98e9ffd5cad2acb17dd487e512e5f13e46c714b6a17ff3e738c0158d374
- SSDEEP
  
  24576:xizGbxrOiiOxXq3A58V3tuLfMZs1QGKNEZJCz4SsJihtpEEmEpHvetwCgZIY7eCT:aGbgiidV3afMZ0BEUA4P6p1mGHmtYNek
Score

10^/10

nymaim discovery trojan
- NyMaim
  NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
  trojan nymaim
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nymaimdiscoverytrojan

behavioral2

nymaimdiscoverytrojan