nymaim | 1847483f2f43d92a000f53f0def2429796aea79af8827d97bf6c77f166f534a2 | Triage

Submit
Reports

Overview

overview

Static

static

7a9e33c530...b8.exe

windows7-x64

7a9e33c530...b8.exe

windows10-2004-x64

Sharing

Copy URL Twitter E-mail

General

Target

7a9e33c5307748d5eda1d300f55a0d5efa045edce88bf6d4e2806393f65580b8
Size

2.0MB
Sample

221228-3absbsbh67
MD5

0593946a3eeadc0778aab3370eaafd30
SHA1

22e2cfaf0f426029298eee837d9a7a80d401131d
SHA256

1847483f2f43d92a000f53f0def2429796aea79af8827d97bf6c77f166f534a2
SHA512

9147041491841f6cc09adddfb13727391495fc87b02763a9cac27b6cf7c593d666d59980214da3379c1f68a37320fceeb80b5483f2334489ee2220321b1638ff
SSDEEP

49152:JjKj4ForPCw21WtKDCk2aEs9vj0umPAe6+HCUbTMF5Wc:Esm6w217Dx2a5u2MA

Score

10^/10

nymaim discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

7a9e33c5307748d5eda1d300f55a0d5efa045edce88bf6d4e2806393f65580b8.exe

Resource

win7-20220901-en

nymaim discovery trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

7a9e33c5307748d5eda1d300f55a0d5efa045edce88bf6d4e2806393f65580b8.exe

Resource

win10v2004-20220812-en

nymaim discovery trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

- Target
  
  7a9e33c5307748d5eda1d300f55a0d5efa045edce88bf6d4e2806393f65580b8
- Size
  
  2.1MB
- MD5
  
  c9047d22ee6551b3d663d7084f3d1ed1
- SHA1
  
  b9c1320eff08005e55334ad374260d8cd3d787ca
- SHA256
  
  7a9e33c5307748d5eda1d300f55a0d5efa045edce88bf6d4e2806393f65580b8
- SHA512
  
  504157f7f4d0d5fbc029a491f87a49f24c3c5f45ce7fb32ecb8fce5451912c84b06cb47f3ed0741148b0df6a362c2828dbf7fb948cc5f94622f10f74c9b49c3d
- SSDEEP
  
  49152:2ivLILyzK1IFS97Cyy1W1YPYkakGsbvjCYef0C6sBCu319UDXKY:2iv8pK8eyy1ZPZakXyOs0
Score

10^/10

nymaim discovery trojan
- NyMaim
  NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
  trojan nymaim
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nymaimdiscoverytrojan

behavioral2

nymaimdiscoverytrojan

© 2018-2025

Terms | Privacy