Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.6MB

  • Sample

    230112-mbyqgsbe3z

  • MD5

    f04e4c965e0c3742c030470dd3fe9f0f

  • SHA1

    57482d31a459fb20567fc7343d0fff6fc31f1a0c

  • SHA256

    d92a63481da62085b730979fa93329a49e796051dc5894247983f5fb4af29821

  • SHA512

    1d147d44fa3aa7ac098c7ddcfadb87f1406545328e9a18702c73b937d2a7adcaf9bf4959e88e7998b63bcfc43935aa68c1a1b30923f5961169176d03ce685523

  • SSDEEP

    49152:228e5UYe/zbGIOkq8/MVJDGsxkjA/+5d1qapk:P3+Ye//z2DTAAsd1Zi

Score
10/10
nymaimdiscoverytrojan

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.6MB

    • MD5

      f04e4c965e0c3742c030470dd3fe9f0f

    • SHA1

      57482d31a459fb20567fc7343d0fff6fc31f1a0c

    • SHA256

      d92a63481da62085b730979fa93329a49e796051dc5894247983f5fb4af29821

    • SHA512

      1d147d44fa3aa7ac098c7ddcfadb87f1406545328e9a18702c73b937d2a7adcaf9bf4959e88e7998b63bcfc43935aa68c1a1b30923f5961169176d03ce685523

    • SSDEEP

      49152:228e5UYe/zbGIOkq8/MVJDGsxkjA/+5d1qapk:P3+Ye//z2DTAAsd1Zi

    Score
    10/10
    nymaimdiscoverytrojan

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

      trojannymaim

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks