Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.5MB

  • Sample

    230112-nnad4afg78

  • MD5

    d1516f04a6feba6497ca7c609000e019

  • SHA1

    e770b77c30e34b7d6683aa7e42623dbacc4e62c2

  • SHA256

    00775c38191eca8445202ad3aff09a275aae111d00b2a87b8ba77162284801e9

  • SHA512

    800274ed0ce5c30f5b9ecbe93c265dcdb69e9a93879962ec8366b01a7c2e8145f1ccb0005d48974f7e994f08575fded34ebd89cada79661a92726870a0bfb088

  • SSDEEP

    24576:220Sx+Uf/kAE605Im6RqJWVhRPMq2WkU7bKgXC75ld1qSVpk:228O8Aj0im6RqAapWjbud1qapk

Score
10/10
nymaimdiscoverytrojan

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.5MB

    • MD5

      d1516f04a6feba6497ca7c609000e019

    • SHA1

      e770b77c30e34b7d6683aa7e42623dbacc4e62c2

    • SHA256

      00775c38191eca8445202ad3aff09a275aae111d00b2a87b8ba77162284801e9

    • SHA512

      800274ed0ce5c30f5b9ecbe93c265dcdb69e9a93879962ec8366b01a7c2e8145f1ccb0005d48974f7e994f08575fded34ebd89cada79661a92726870a0bfb088

    • SSDEEP

      24576:220Sx+Uf/kAE605Im6RqJWVhRPMq2WkU7bKgXC75ld1qSVpk:228O8Aj0im6RqAapWjbud1qapk

    Score
    10/10
    nymaimdiscoverytrojan

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

      trojannymaim

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks