nymaim | 5eb0b4b21107152dfbfaed3a9c61233233d3cab8a650cbb88dcfc34cff1f99ec | Triage

Sharing

General

Target

1fe8e5f03a721f0a37fbbf0ea5779d6d.exe
Size

275KB
Sample

221125-hqdawach7w
MD5

1fe8e5f03a721f0a37fbbf0ea5779d6d
SHA1

ef876bed0fa429ee30b5395b69a89ad4d74a3fcc
SHA256

5eb0b4b21107152dfbfaed3a9c61233233d3cab8a650cbb88dcfc34cff1f99ec
SHA512

35331dc01b743553abc6e17c9aced57fa28d5bca9a0292b6ec5fc6f60574b8710605d7a4fa34a7331847dd4c9349ae1017d44aba975358612988a8a2c49cadac
SSDEEP

6144:+FU/LHPiDaqkg7kKCfVWkF6N+k17tzTpq:+FYjiDaTgvsu7hT

Score

10^/10

nymaim trojan

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

- Target
  
  1fe8e5f03a721f0a37fbbf0ea5779d6d.exe
- Size
  
  275KB
- MD5
  
  1fe8e5f03a721f0a37fbbf0ea5779d6d
- SHA1
  
  ef876bed0fa429ee30b5395b69a89ad4d74a3fcc
- SHA256
  
  5eb0b4b21107152dfbfaed3a9c61233233d3cab8a650cbb88dcfc34cff1f99ec
- SHA512
  
  35331dc01b743553abc6e17c9aced57fa28d5bca9a0292b6ec5fc6f60574b8710605d7a4fa34a7331847dd4c9349ae1017d44aba975358612988a8a2c49cadac
- SSDEEP
  
  6144:+FU/LHPiDaqkg7kKCfVWkF6N+k17tzTpq:+FYjiDaTgvsu7hT
Score

10^/10

nymaim trojan
- NyMaim
  NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
  trojan nymaim
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2