nymaim | e4c42e17985ba6085bb41fff68c970e8fe21207667fdbad2637d4f4d096fac44 | Triage

Sharing

General

Target

file.exe
Size

1.4MB
Sample

221125-hj7wxaha78
MD5

20ed23fa3b8eee92ca74ad71306cbd8a
SHA1

202ecd7b4b1ad77ada3f978aaaf5697e2f0c9c04
SHA256

e4c42e17985ba6085bb41fff68c970e8fe21207667fdbad2637d4f4d096fac44
SHA512

4480834deb23e5e2831023bcb6ba82a21eced655dc6d7d997365fd95d1118dd3d897eb1c7cff8bdf27e12be0a486682c5b4d31179753b92bcf81c7d968ab38ee
SSDEEP

24576:pizv58jjFHNWwXvGcnTkXyR81JVHQiemNK2HYHdXnvSogZIY7eCLxYip:ivS3FtWwXvrnge81JVHZzKdf8NeVip

Score

10^/10

nymaim discovery trojan

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

- Target
  
  file.exe
- Size
  
  1.4MB
- MD5
  
  20ed23fa3b8eee92ca74ad71306cbd8a
- SHA1
  
  202ecd7b4b1ad77ada3f978aaaf5697e2f0c9c04
- SHA256
  
  e4c42e17985ba6085bb41fff68c970e8fe21207667fdbad2637d4f4d096fac44
- SHA512
  
  4480834deb23e5e2831023bcb6ba82a21eced655dc6d7d997365fd95d1118dd3d897eb1c7cff8bdf27e12be0a486682c5b4d31179753b92bcf81c7d968ab38ee
- SSDEEP
  
  24576:pizv58jjFHNWwXvGcnTkXyR81JVHQiemNK2HYHdXnvSogZIY7eCLxYip:ivS3FtWwXvrnge81JVHZzKdf8NeVip
Score

10^/10

nymaim discovery trojan
- NyMaim
  NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
  trojan nymaim
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nymaimdiscoverytrojan

behavioral2