General

  • Target: file.exe

  • Size: 1.3MB

  • Sample: 230111-tf7yaahc71

  • MD5: e515323a241312151e8f932ef7371036

  • SHA1: 6d670259e846b3fa3b12e6271f0c00fc30ffa335

  • SHA256: 0203151d8d9f2b8aed83bfff2ef741ceb99bfbf51597920b3fcf964b79abc330

  • SHA512: 06f91bfdc24d9d91bce92a105e5c5ae5da82e7839e34b3122df404cbf07f346cbf330e58891b619052fa7c0e8fdee32380f9288e39e1979d13ba670fe857fa6f

  • SSDEEP: 24576:q20I/91233SqM8i9CejEJXeGQHNnrOiD6mgXC75ld1qSVpk:q2b2yqE9ClJuGQHNnnd1qapk

Score
10/10

Malware Config

Extracted

Family: nymaim

C2:

  • 45.139.105.171

  • 85.31.46.167

Targets

    • Target: file.exe

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v6