Resubmissions

11-01-2023 11:45

230111-nwry4sfg9v (score 10)

11-01-2023 11:01

230111-m4j3ssbh37 (score 10)

General

  • Target

    file.exe

  • Size

    1.2MB

  • Sample

    230111-nwry4sfg9v

  • MD5

    ed8d8752ec3b43c45613e4914bd12cf7

  • SHA1

    d88c37ed4b28e430c591be82bef298faf69b40eb

  • SHA256

    47fc5cf5ff6ae1c791fb938f6226e0b294948224a01a016a0ad239955901b112

  • SHA512

    13a7140fec3bb5ff4749c60d5dce323928ef11e6f5c4142c76b8b00ce90d1f4b610b112b57b20d830968541f6568ecf184a5b2c9367eac593985d3bc8d42ab9d

  • SSDEEP

    24576:q20IvUWFIQcM4jZPugTYQJy4jZK5r6zw7hoBgXC75ld1qSVpk:q2sWFPv41mgTM4FK5r6Pd1qapk

Score
10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.2MB

    • MD5

      ed8d8752ec3b43c45613e4914bd12cf7

    • SHA1

      d88c37ed4b28e430c591be82bef298faf69b40eb

    • SHA256

      47fc5cf5ff6ae1c791fb938f6226e0b294948224a01a016a0ad239955901b112

    • SHA512

      13a7140fec3bb5ff4749c60d5dce323928ef11e6f5c4142c76b8b00ce90d1f4b610b112b57b20d830968541f6568ecf184a5b2c9367eac593985d3bc8d42ab9d

    • SSDEEP

      24576:q20IvUWFIQcM4jZPugTYQJy4jZK5r6zw7hoBgXC75ld1qSVpk:q2sWFPv41mgTM4FK5r6Pd1qapk

    Score
    10/10
    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6

Tasks