General

  • Target

    file.exe

  • Size

    1.9MB

  • Sample

    230108-q2ypysdg45

  • MD5

    397a6922492b6e5a87b23a680e2354b3

  • SHA1

    d01e7dafacc52ec63514d1785621c39a24b2e6b9

  • SHA256

    8630082c70d58cc65df76196386ba052ef69e0b6088e146ffdfa7d3e96db69d4

  • SHA512

    d1389799c35aec0a9e99f823ebb03c0dbd68c40a719ad03d1bbc2c9a3050e5c24137c586ec6ec7618edfc8217934fbfa8cece64f42c238388ef4e4e6b3a3f741

  • SSDEEP

    49152:y2+pBHTma7oWoh287AuaQGyw3A6a2B5Ro2QnL5SvXpI/m/WahOVLH:jSma83h2wAmGygrtgLK/JhOVLH

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6
