nymaim | f88cd3ae02084a24118ff6650be7f470c2f994a8a8b35d569148ea8ce4e7eb2a | Triage

Submit
Reports

Overview

overview

Static

static

3d5ae0db43...48.exe

windows7-x64

3d5ae0db43...48.exe

windows10-2004-x64

Sharing

General

Target

3d5ae0db438bee2c91587ca9f10b3a6243168e846692177138e1b2c0226d7848
Size

1.3MB
Sample

230112-x241asaa33
MD5

78af53c1f9f2ea3962c26da1838cd726
SHA1

73d1340696a0f8b65994f62ad0f556dc9b3425ef
SHA256

f88cd3ae02084a24118ff6650be7f470c2f994a8a8b35d569148ea8ce4e7eb2a
SHA512

c1f35ceb0a255f445f0b7211f9d651c067c6a6a77ab972f28c7f0ec53858df47a966e97c7ff7971801b60ca51fb216bded13f90d07125088f17304fa7344da74
SSDEEP

24576:nmVjXI6hpO0UiKGKeS5m5JdaaibsKUjyfs2+zKdps2we1msHf40gXC75fB1qSfjH:n2xDualdR3Bc5dIQDPB1qWjH

Score

10^/10

nymaim discovery trojan

Static task

static1

Behavioral task

behavioral1

Sample

3d5ae0db438bee2c91587ca9f10b3a6243168e846692177138e1b2c0226d7848.exe

Resource

win7-20220812-en

nymaim discovery trojan

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

3d5ae0db438bee2c91587ca9f10b3a6243168e846692177138e1b2c0226d7848.exe

Resource

win10v2004-20221111-en

nymaim discovery trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

- Target
  
  3d5ae0db438bee2c91587ca9f10b3a6243168e846692177138e1b2c0226d7848
- Size
  
  1.7MB
- MD5
  
  cbcba2c9fc9010449f6ef91ac3f6bd9b
- SHA1
  
  74afe7d15b52fbf413227969c55fa3b05d3d9320
- SHA256
  
  3d5ae0db438bee2c91587ca9f10b3a6243168e846692177138e1b2c0226d7848
- SHA512
  
  627066d90493f02b0348bb4a7a9491438169702692a30b4bacdd8f1b0dc650c15d732b824a94732986a328d151553442c0abbdab7879ac269cfc11d6466749be
- SSDEEP
  
  24576:220Sx+NGI+hpOuUGeGKmI5m5Btaa2bsKEByRS0+zud5gewk1wsXvgXC75ld1qSVi:228uDK6DtR7TuRDkid7d1qapk
Score

10^/10

nymaim discovery trojan
- NyMaim
  NyMaim is a malware with various capabilities written in C++ and first seen in 2013.
  trojan nymaim
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nymaimdiscoverytrojan

behavioral2

nymaimdiscoverytrojan

© 2018-2024

Terms | Privacy