General

  • Target

    file.exe

  • Size

    1.5MB

  • Sample

    230113-cp52lshc3t

  • MD5

    9a4ad4fc7ab6d12de6e5eea6e7f93cef

  • SHA1

    ca4511a28bc83c8403e8bf4a2b6469a75a1d4523

  • SHA256

    fffc3847977d1244d741ead040bf11089388721069658cfc65d8ad11583f7aa1

  • SHA512

    6a6f9bf442aa859e5bf4cb20ef944ff41c150d7a204acc814a9bc6ec2d7ff4d4e7a0b73240672956040b930ccd719ab3952c8c6bb97a7964b5e28140ecb03128

  • SSDEEP

    24576:220Sx+lpZa4TgvTlsWEwfGaZbU4nsK5PjaFtKpXcYc825mVOymF56VpZpgXC75lY:228s4WTlMweahPNBaXKpXsNaZhd1qapk

  • Score

    10/10

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • NyMaim

      NyMaim is malware with various capabilities, written in C++ and first seen in 2013.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
