General

  • Target

    file.exe

  • Size

    2.3MB

  • Sample

    221219-lg25eshg5v

  • MD5

    50809b843bd0bbefe91875878ac26bc0

  • SHA1

    6e29dccb040a50c82bb2326f366446eaed805c51

  • SHA256

    0cae446a9050d019b0c0bb7f63e1482a837c5ebd235848b0201982edbd968605

  • SHA512

    a443699e3f6f629284ad0e392190d11f2eed65cde442d3552f127f4f90f37ca4e4a435dbb4eaed5cebaed6bece366c3462d9e9e9d03e60e356cbff9613e1f220

  • SSDEEP

    49152:X1JQTcRkYsU8LD7rvVq/IlPL6w/ErCvunW6YkfvN9WKKic3:XkTcGUGD7rIwdL6w/zKW6Y4DWrii

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167
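The hashes in the General section and the two C2 addresses extracted from the config are the indicators a defender would pull from this report. The script below is an added example (not part of the sandbox report or the Nymaim configuration) that matches those indicators against log lines; the four sample lines are constructed in a Sysmon-like `EventID=... Hashes=... DestinationIp=...` layout and are not taken from the report, and `file_matches_report` is a helper for confirming that a local copy of a sample is the same file as the one analysed here. SSDEEP is left out because the standard library has no fuzzy-hash comparison.

```python
"""Match this report's indicators (file hashes, Nymaim C2 addresses) against
log lines. Added example; not code from the sandbox or from the report."""
import hashlib
import re

# Indicators copied from the report above.
FILE_HASHES = {
    "md5": "50809b843bd0bbefe91875878ac26bc0",
    "sha1": "6e29dccb040a50c82bb2326f366446eaed805c51",
    "sha256": "0cae446a9050d019b0c0bb7f63e1482a837c5ebd235848b0201982edbd968605",
    "sha512": "a443699e3f6f629284ad0e392190d11f2eed65cde442d3552f127f4f90f37ca4"
              "e4a435dbb4eaed5cebaed6bece366c3462d9e9e9d03e60e356cbff9613e1f220",
}
C2_ADDRESSES = {"45.139.105.171", "85.31.46.167"}

# Constructed sample log lines (not from the report): two process-creation
# events carrying hashes and two network-connection events.
SAMPLE_LOGS = [
    "EventID=1 Image=C:\\Users\\victim\\Downloads\\file.exe "
    "Hashes=MD5=50809B843BD0BBEFE91875878AC26BC0,"
    "SHA256=0CAE446A9050D019B0C0BB7F63E1482A837C5EBD235848B0201982EDBD968605",
    "EventID=1 Image=C:\\Windows\\System32\\notepad.exe "
    "Hashes=MD5=00000000000000000000000000000000",
    "EventID=3 Image=C:\\Users\\victim\\Downloads\\file.exe "
    "DestinationIp=85.31.46.167 DestinationPort=80",
    "EventID=3 Image=C:\\Program Files\\Browser\\browser.exe "
    "DestinationIp=93.184.216.34 DestinationPort=443",
]

# Sysmon emits uppercase hex; compare case-insensitively.
HASH_RE = re.compile(r"\b(MD5|SHA1|SHA256)=([0-9a-fA-F]{32,64})")
IP_RE = re.compile(r"DestinationIp=(\d{1,3}(?:\.\d{1,3}){3})")


def match_line(line):
    """Return a list of (indicator_type, value) hits found in one log line."""
    hits = []
    for algo, digest in HASH_RE.findall(line):
        if FILE_HASHES.get(algo.lower()) == digest.lower():
            hits.append((algo.lower(), digest.lower()))
    for ip in IP_RE.findall(line):
        if ip in C2_ADDRESSES:
            hits.append(("c2", ip))
    return hits


def scan(lines):
    """Map line index -> hits for every line that touches an indicator."""
    results = {}
    for i, line in enumerate(lines):
        hits = match_line(line)
        if hits:
            results[i] = hits
    return results


def file_matches_report(data: bytes) -> bool:
    """True only if all four digests of `data` equal the report's values,
    so a typo in any single copied hash cannot produce a false confirmation."""
    return all(getattr(hashlib, algo)(data).hexdigest() == digest
               for algo, digest in FILE_HASHES.items())


if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOGS).items():
        print(f"line {idx}: {hits}")
```

Run against real telemetry, the hash match identifies the sample on any host where it was executed, and the address match finds the beaconing regardless of what the file was renamed to; both checks together are more robust than either one alone, since the operators can rotate either the binary or the infrastructure.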

Targets

    • Target

      file.exe

    • Size, MD5, SHA1, SHA256, SHA512, SSDEEP

      Identical to the values in the General section above (the analysed target is the submitted file).

    Score
    10/10
    • NyMaim

      NyMaim is a malware family with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence (refusing to run in certain countries).

    • Loads dropped DLL

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) to list the software installed on the system.
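The four behaviour signatures above are each a rule over the sandbox's event trace: two of them are ordering rules (a file written by the sample is later started or loaded) and two are registry-path rules. The code below is an added example, not the sandbox's own signature engine, that re-implements them over a small event trace. The trace, the `(pid, event, target)` tuple layout and the two registry locations (`HKCU\Control Panel\International\Geo` for the country code and the `Uninstall` key for installed software) are assumptions made for the example; the report does not state which keys its signatures inspect.

```python
"""Re-implement the report's four behaviour signatures as checks over a
process-event trace. Added example; not the sandbox's own signature code."""

# Assumed registry locations behind the two registry signatures (the report
# does not name them; these are the usual keys for both lookups).
GEO_KEY = r"HKCU\Control Panel\International\Geo"
UNINSTALL_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

# Constructed trace in (pid, event, target) form, loosely modelled on a
# sandbox API log. Not taken from the report.
TRACE = [
    (1000, "file_write", r"C:\Users\victim\AppData\Local\Temp\upd.exe"),
    (1000, "file_write", r"C:\Users\victim\AppData\Local\Temp\helper.dll"),
    (1000, "reg_query", GEO_KEY + r"\Nation"),
    (1000, "process_create", r"C:\Users\victim\AppData\Local\Temp\upd.exe"),
    (2000, "image_load", r"C:\Users\victim\AppData\Local\Temp\helper.dll"),
    (2000, "reg_enum", UNINSTALL_KEY + r"\7-Zip"),
    (2000, "reg_enum", UNINSTALL_KEY + r"\Google Chrome"),
    (2000, "reg_enum", UNINSTALL_KEY + r"\Notepad++"),
]


def _under(path, key):
    """Case-insensitive 'path is below key' test for registry paths."""
    return path.lower().startswith(key.lower() + "\\")


def _uses_dropped_file(trace, use_event):
    """True if a path written earlier in the trace is later the target of
    use_event. Order matters: a pre-existing file started before any write
    is not a dropped file."""
    written = set()
    for _pid, event, target in trace:
        t = target.lower()
        if event == "file_write":
            written.add(t)
        elif event == use_event and t in written:
            return True
    return False


def executes_dropped_exe(trace):
    return _uses_dropped_file(trace, "process_create")


def loads_dropped_dll(trace):
    return _uses_dropped_file(trace, "image_load")


def checks_computer_location(trace):
    """Any registry access below the Geo key."""
    return any(event.startswith("reg_") and _under(target, GEO_KEY)
               for _pid, event, target in trace)


def checks_installed_software(trace, min_entries=2):
    """Count distinct Uninstall subkeys touched. Looking up one product is
    routine (installers do it); walking several is enumeration."""
    subkeys = {target.lower() for _pid, event, target in trace
               if event.startswith("reg_") and _under(target, UNINSTALL_KEY)}
    return len(subkeys) >= min_entries


def evaluate(trace):
    """Evaluate all four signatures; keys match the names used in the report."""
    return {
        "Executes dropped EXE": executes_dropped_exe(trace),
        "Loads dropped DLL": loads_dropped_dll(trace),
        "Checks computer location settings": checks_computer_location(trace),
        "Checks installed software on the system": checks_installed_software(trace),
    }


if __name__ == "__main__":
    for name, hit in evaluate(TRACE).items():
        print(f"[{'x' if hit else ' '}] {name}")
```

The threshold in `checks_installed_software` is the kind of knob a real signature carries to keep benign software from tripping it; the ordering check in `_uses_dropped_file` is what separates "executes dropped EXE" from merely "executes an EXE", and it is why the same events in a different order do not fire.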
