General

  • Target

    file.exe

  • Size

    1.8MB

  • Sample

    230102-kzftgagh81

  • MD5

    935f09d23ee8baee6753e75a540c02ae

  • SHA1

    09b8a5f9a9e5bf405f0a03dfef4516c42aca662f

  • SHA256

    70063b6b7145d57932d8869652d242b9e26975bfd2c05294c610ff16a3617058

  • SHA512

    cbee6fffa363fd4387d9a63cb0c70befec760ccbf767a336de2970af5b06a8e00b0128c9ba9f82e0946828fc612a2ab027f942c9f864821f67b136da7c56e66b

  • SSDEEP

    49152:Mi/04jl6B/hbCb4ZnsXt89vGgjf3lHgwjT1MSBk3M:Mi/zjMxhOy889vGCHglSBk3M

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
