Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    2.3MB

  • Sample

    221216-dsf3bsea55

  • MD5

    0c2e8d74a5db0d180de6c674035dd020

  • SHA1

    2c5ee63431e5ed06096617bdc57faf2202bdd733

  • SHA256

    b8dae8f3a780f035fce473a31937dc556e95bbeb1055b2d02a09c0dd893fe0f9

  • SHA512

    c22a1a413bfed0935aba6bb50e997a553c7bcc11b9bc148ec4397ac65afb8f0a2052b84376a22c317e2151c9db74c168f07dc1ed05eddfe15ea89c4030a38214

  • SSDEEP

    49152:Epj/5gE953wNpKlExRt1mLvGzfmQaM9eOCgSY/imj:EpKE/AfKaxRuTGrmPM9cY/imj

Score
10/10
nymaimdiscoverytrojan

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      2.3MB

    • MD5

      0c2e8d74a5db0d180de6c674035dd020

    • SHA1

      2c5ee63431e5ed06096617bdc57faf2202bdd733

    • SHA256

      b8dae8f3a780f035fce473a31937dc556e95bbeb1055b2d02a09c0dd893fe0f9

    • SHA512

      c22a1a413bfed0935aba6bb50e997a553c7bcc11b9bc148ec4397ac65afb8f0a2052b84376a22c317e2151c9db74c168f07dc1ed05eddfe15ea89c4030a38214

    • SSDEEP

      49152:Epj/5gE953wNpKlExRt1mLvGzfmQaM9eOCgSY/imj:EpKE/AfKaxRuTGrmPM9cY/imj

    Score
    10/10
    nymaimdiscoverytrojan

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

      trojannymaim

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks