General

  • Target

    file.exe

  • Size

    1.9MB

  • Sample

    230109-a47gwaae91

  • MD5

    b4e997126c735e94166b19fd3d7d26da

  • SHA1

    a25a1364d33f57338d55b5fda8b55f4bb504f3a3

  • SHA256

    aebead50eb3e28e960c1f9ca637955925bb2a17edd3ad67729b2098404227396

  • SHA512

    6e6565bef8812c412e5f2b4393e3b1d3a8c1f161232d06ad6ffb81e9e6eecc946d8847759f0262aa684a5c60f2a803275502ca55eb46260c75cbc917c88d52c2

  • SSDEEP

    49152:y2+ZRiRhEAtoKPbAb77NR9t8GyW6bMvI/m/WahOVLH:jWCQTt36b4/JhOVLH

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
