SHOW:
|
|
- or go back to the newest paste.
1 | - | [] |
1 | + | [Nymaim 22052018] |
2 | == | |
3 | ||
4 | - | [][1] |
4 | + | [File Details] |
5 | - | [1]: |
5 | + | |
6 | MD5 5d6a35ff4c29cc08912f88b2f7729c34 | |
7 | - | [] |
7 | + | SHA-1 9b81f980c8b4b07fd0aaf0d16a66febb9bf96726 |
8 | SHA-256 d3d53010e5487139cb2f879a243a8d8b6f50778f4a76136119aaf77ac7a56922 | |
9 | ssdeep 12288:Oe0emNPr5eAU4PhBcBeFiAvoMM73HjlXRQSO4ZnWilmQv0KW:OeGgAa4xGjlX+St5v | |
10 | Size 652.5 KB (668160 bytes) | |
11 | Type Win32 EXE | |
12 | Magic PE32 executable for MS Windows (GUI) Intel 80386 32-bit | |
13 | Win32 Dynamic Link Library (generic) (38.4%) | |
14 | Win32 Executable (generic) (26.3%) | |
15 | OS/2 Executable (generic) (11.8%) | |
16 | Generic Win/DOS Executable (11.6%) | |
17 | DOS Executable Generic (11.6%) | |
18 | Detection ratio 49 / 67 | |
19 | First submission 2018-05-22 11:11:51 UTC ( 3 minutes ago ) | |
20 | Last submission 2018-05-22 11:11:51 UTC ( 3 minutes ago ) | |
21 | ||
22 | ||
23 | [https://app.any.run/tasks/d93f4f29-189f-4151-9efe-7864dc1b03fc][1] | |
24 | [1]:https://app.any.run/tasks/d93f4f29-189f-4151-9efe-7864dc1b03fc | |
25 | ||
26 | ||
27 | [Nymaim C2] | |
28 | -- | |
29 | http://zepter.com/uexonbvxdf/index.php | |
30 | http://carfax.com/uexonbvxdf/index.php | |
31 | ||
32 | [Nymaim IP addresses contacted] | |
33 | -- | |
34 | 82.77.200.208 | |
35 | 151.237.138.38 | |
36 | 80.98.183.111 | |
37 | 86.101.230.109 | |
38 | 186.87.135.2 | |
39 | 213.6.58.250 | |
40 | 46.40.123.136 | |
41 | 89.190.74.198 | |
42 | 47.74.242.102 | |
43 | 79.185.39.90 | |
44 | 109.96.248.32 | |
45 | ||
46 | ||
47 | [Nymaim Filenames] | |
48 | Directpay.com | |
49 | Bank-Pay.com | |
50 | Paydirect.com | |
51 | OnlinePay.com | |
52 | GiroPay.com | |
53 | Sofort.com | |
54 | ||
55 | *** | |
56 | ![Pastebin Logo][image] | |
57 | ||
58 | [image]: https://zerophagemalware.files.wordpress.com/2017/09/zerophageicon2.png |