Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    221228-zdkymaef41

  • MD5

    f9c07f63feea1279dc78331041b46990

  • SHA1

    41733de102700afb6b6465d5e8c8dba4c31c29f8

  • SHA256

    374ec3fa64848a7dc4ed2e531345b0cb8f9b89d5dbba36fca3373178b2902f30

  • SHA512

    137f46a644e1869d1f931903110cb546b5adf982d2da78d9eeb7eb2f2f4c47890817c77cd92d7d51c4172a8d383991331d527ae15efa764baf0304272d543082

  • SSDEEP

    49152:AiIzAiHQ9RXFG1c5HNY/6gO09QwTCooNZ:AiIz5w3VGq3qrQwE

Score
10/10
nymaimdiscoverytrojan

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.8MB

    • MD5

      f9c07f63feea1279dc78331041b46990

    • SHA1

      41733de102700afb6b6465d5e8c8dba4c31c29f8

    • SHA256

      374ec3fa64848a7dc4ed2e531345b0cb8f9b89d5dbba36fca3373178b2902f30

    • SHA512

      137f46a644e1869d1f931903110cb546b5adf982d2da78d9eeb7eb2f2f4c47890817c77cd92d7d51c4172a8d383991331d527ae15efa764baf0304272d543082

    • SSDEEP

      49152:AiIzAiHQ9RXFG1c5HNY/6gO09QwTCooNZ:AiIz5w3VGq3qrQwE

    Score
    10/10
    nymaimdiscoverytrojan

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

      trojannymaim

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks