Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.5MB

  • Sample

    230112-zlerksee4s

  • MD5

    5f6c5e6131374258fa9ca26119c3686f

  • SHA1

    07b1b1ad90a4faa69c02b685ebeaee488b4d23c3

  • SHA256

    09e8a4b4347c791fd68278b4ae2fc230c97753d3f181e5944cb9a0ad9a85048b

  • SHA512

    5c9e247a618eb80623335469dfb5f22d43256f6d00c72913d0beabc70fe03ddd8fcb6ea544f8bd30b736255f0163193b3dfa6e35c359daa57b6259268f9561cb

  • SSDEEP

    24576:220Sx+iJe+tbKbqdaW56kfoOO1hDZs/Os4ciZOWgXC75ld1qSVpk:228itG+bfQ15Zs2CiMSd1qapk

Score
10/10
nymaimdiscoverytrojan

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.5MB

    • MD5

      5f6c5e6131374258fa9ca26119c3686f

    • SHA1

      07b1b1ad90a4faa69c02b685ebeaee488b4d23c3

    • SHA256

      09e8a4b4347c791fd68278b4ae2fc230c97753d3f181e5944cb9a0ad9a85048b

    • SHA512

      5c9e247a618eb80623335469dfb5f22d43256f6d00c72913d0beabc70fe03ddd8fcb6ea544f8bd30b736255f0163193b3dfa6e35c359daa57b6259268f9561cb

    • SSDEEP

      24576:220Sx+iJe+tbKbqdaW56kfoOO1hDZs/Os4ciZOWgXC75ld1qSVpk:228itG+bfQ15Zs2CiMSd1qapk

    Score
    10/10
    nymaimdiscoverytrojan

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

      trojannymaim

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks