General

  • Target: febde8fd7e0d1b6191442768f2d8dd2d7dd90740c70fe917f3b4f1c24ea0d46f
  • Size: 1.7MB
  • Sample: 221230-aqpd5shg9s
  • MD5: 523316bb6ced3b7d753e95a015876fdf
  • SHA1: c14aa667e2488202e33f894c92ee795eca51b902
  • SHA256: 74760430c11054c722fcbbc2bdc13f51c6d81b2e77ffddfe07a063fb203c8901
  • SHA512: b12ef7e126d3b5fc5762a806d7b42493bac08673eb0bb4556b241cc792bd003811c3a8a2ddf94cb63dcf87ee929281710b0fff055cf8fa1c76711a9485405d26
  • SSDEEP: 24576:ybsqmSSWn+iJ0OkLgTSUSNe0GpcBad61+0EnG+fqqOtaxlPbbrIqD0O4+Mn2t1V8:HDW+809LswN8JdrnGerDbrBL4+Tt1e6m

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target: febde8fd7e0d1b6191442768f2d8dd2d7dd90740c70fe917f3b4f1c24ea0d46f
    • Size: 1.8MB
    • MD5: c5a31e850e32e4b779a2eb6257cab613
    • SHA1: f91799e5e4ecf64f8c68cf17b99c03957403523b
    • SHA256: febde8fd7e0d1b6191442768f2d8dd2d7dd90740c70fe917f3b4f1c24ea0d46f
    • SHA512: f7e827114d49b60e6751c4337f1d09d8a03f58d8b54c5f7f1ebabee1b22d8af03c96243e1e60a2440491eb6794acf8d153f3c4e4183c329f207cb9348e7c2306
    • SSDEEP: 49152:5iRVZQ220TLIaNCJdHFGEfPn5m4+Hth960:5iRVZQENC3HFtvs4+HtHZ

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks