Overview

overview

10

Static

static

1fe8e5f03a...6d.exe

windows7-x64

10

1fe8e5f03a...6d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1fe8e5f03a721f0a37fbbf0ea5779d6d.exe

  • Size

    275KB

  • Sample

    221125-hqlbgshe26

  • MD5

    1fe8e5f03a721f0a37fbbf0ea5779d6d

  • SHA1

    ef876bed0fa429ee30b5395b69a89ad4d74a3fcc

  • SHA256

    5eb0b4b21107152dfbfaed3a9c61233233d3cab8a650cbb88dcfc34cff1f99ec

  • SHA512

    35331dc01b743553abc6e17c9aced57fa28d5bca9a0292b6ec5fc6f60574b8710605d7a4fa34a7331847dd4c9349ae1017d44aba975358612988a8a2c49cadac

  • SSDEEP

    6144:+FU/LHPiDaqkg7kKCfVWkF6N+k17tzTpq:+FYjiDaTgvsu7hT

Score
10/10
nymaimtrojan

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      1fe8e5f03a721f0a37fbbf0ea5779d6d.exe

    • Size

      275KB

    • MD5

      1fe8e5f03a721f0a37fbbf0ea5779d6d

    • SHA1

      ef876bed0fa429ee30b5395b69a89ad4d74a3fcc

    • SHA256

      5eb0b4b21107152dfbfaed3a9c61233233d3cab8a650cbb88dcfc34cff1f99ec

    • SHA512

      35331dc01b743553abc6e17c9aced57fa28d5bca9a0292b6ec5fc6f60574b8710605d7a4fa34a7331847dd4c9349ae1017d44aba975358612988a8a2c49cadac

    • SSDEEP

      6144:+FU/LHPiDaqkg7kKCfVWkF6N+k17tzTpq:+FYjiDaTgvsu7hT

    Score
    10/10
    nymaimtrojan

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

      trojannymaim

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks