nymaim | 7fea2d0ae6f2487f26708d60ddeeabc75d0452991fd2c424fabc73c481c6d769 | Triage

Submit
Reports

Overview

overview

Static

static

file.exe

windows7-x64

file.exe

windows10-2004-x64

Sharing

General

Target

file.exe
Size

1.5MB
Sample

230112-r6e9vaca8z
MD5

c94a916c42e02d493052df1047ba9395
SHA1

8eac1d8c5b8f93ba73848a03bfdd097a0c41c9f0
SHA256

7fea2d0ae6f2487f26708d60ddeeabc75d0452991fd2c424fabc73c481c6d769
SHA512

b1a9cce67154ca4486a66cdb16699895d6ae58e0c34235693fd4887889a3f0556645b5e262085816c702f08ea22957bf5729a9ddf6a8db3c64cab8caa52a357a
SSDEEP

24576:220Sx+iFyhXFJAEXUslpmbTkxxkvnl41tH0dkNUgXC75ld1qSVpk:228rh/NnOoxWvnCiddd1qapk

Score

10^/10

nymaim discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

file.exe

Resource

win7-20221111-en

nymaim discovery trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

file.exe

Resource

win10v2004-20221111-en

nymaim discovery trojan

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

- Target
  
  file.exe
- Size
  
  1.5MB
- MD5
  
  c94a916c42e02d493052df1047ba9395
- SHA1
  
  8eac1d8c5b8f93ba73848a03bfdd097a0c41c9f0
- SHA256
  
  7fea2d0ae6f2487f26708d60ddeeabc75d0452991fd2c424fabc73c481c6d769
- SHA512
  
  b1a9cce67154ca4486a66cdb16699895d6ae58e0c34235693fd4887889a3f0556645b5e262085816c702f08ea22957bf5729a9ddf6a8db3c64cab8caa52a357a
- SSDEEP
  
  24576:220Sx+iFyhXFJAEXUslpmbTkxxkvnl41tH0dkNUgXC75ld1qSVpk:228rh/NnOoxWvnCiddd1qapk
Score

10^/10

nymaim discovery trojan
- NyMaim
  NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
  trojan nymaim
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

nymaimdiscoverytrojan

behavioral2

nymaimdiscoverytrojan

© 2018-2024

Terms | Privacy