Overview

overview

10

Static

static

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    file.exe

  • Size

    1.5MB

  • Sample

    230113-fy99gaee28

  • MD5

    7b135fbde0e1325a2378e57f8ce90983

  • SHA1

    e66a4d4d508856b27a5d587f03144ac2313702c0

  • SHA256

    3d85914715c7ce508b6b048df845aeeb53a54e1856d394788d582743480f1cf8

  • SHA512

    2d446de95b28a2d72dd168ab94e1716349fbfdcd3688d3ab2bf3366dda27ba0370427e134b1956066980d2e439aa6bbe3692fdec2d33c010076ba5b14f8e7864

  • SSDEEP

    24576:g20hhVOVhKgqdpAqqNcucE8DzgtF5/S56bUbIMR1JXlTLGFpn5pI/GmfDYf+kATY:g2QVaKgJzSuKzgdewUvbJ1GD5++mnkAU

Score
10/10
nymaimdiscoverytrojan

Malware Config

Extracted

Family

nymaim

C2

45.139.105.171

85.31.46.167

Targets

    • Target

      file.exe

    • Size

      1.5MB

    • MD5

      7b135fbde0e1325a2378e57f8ce90983

    • SHA1

      e66a4d4d508856b27a5d587f03144ac2313702c0

    • SHA256

      3d85914715c7ce508b6b048df845aeeb53a54e1856d394788d582743480f1cf8

    • SHA512

      2d446de95b28a2d72dd168ab94e1716349fbfdcd3688d3ab2bf3366dda27ba0370427e134b1956066980d2e439aa6bbe3692fdec2d33c010076ba5b14f8e7864

    • SSDEEP

      24576:g20hhVOVhKgqdpAqqNcucE8DzgtF5/S56bUbIMR1JXlTLGFpn5pI/GmfDYf+kATY:g2QVaKgJzSuKzgdewUvbJ1GD5++mnkAU

    Score
    10/10
    nymaimdiscoverytrojan

    • NyMaim

      NyMaim is a malware with various capabilities written in C++ and first seen in 2013.

      trojannymaim

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks