Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.5MB

  • Sample

    230113-a6xqfscd54

  • MD5

    eafd873d4799c4dc7cb389beb7f3aeb8

  • SHA1

    d408f7730b0406e39287f816eb8c9eed6f855db9

  • SHA256

    e84603049889712ea21914657e3fcaa1b3af7b69183dba2d172ee168b5b74388

  • SHA512

    20437f94590c1a381697cb700a68085a4c72daf5ebb9dcf156d115d31466c4ef4884405e71f90d1b0cce5c6cd34a4ee36126d322919a0ca8fdf414b5c5f48d44

  • SSDEEP

    24576:220Sx+C9CpwYIfL8cqzzrh89EFWy4rNkovKynT5A3Krl3fkhBeygXC75ld1qSVpk:228ICSYGvIzrwEEBrZTS6hvIBeWd1qai

Score
10/10
nymaimdiscoverytrojan

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.5MB

    • MD5

      eafd873d4799c4dc7cb389beb7f3aeb8

    • SHA1

      d408f7730b0406e39287f816eb8c9eed6f855db9

    • SHA256

      e84603049889712ea21914657e3fcaa1b3af7b69183dba2d172ee168b5b74388

    • SHA512

      20437f94590c1a381697cb700a68085a4c72daf5ebb9dcf156d115d31466c4ef4884405e71f90d1b0cce5c6cd34a4ee36126d322919a0ca8fdf414b5c5f48d44

    • SSDEEP

      24576:220Sx+C9CpwYIfL8cqzzrh89EFWy4rNkovKynT5A3Krl3fkhBeygXC75ld1qSVpk:228ICSYGvIzrwEEBrZTS6hvIBeWd1qai

    Score
    10/10
    nymaimdiscoverytrojan

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

      trojannymaim

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks