Investigation into the state of Nim malware
Tags
Common Information
| Type | Value |
|---|---|
| UUID | bbc8d714-adfc-4559-b234-2357e338cf9b |
| Fingerprint | 1f400b632fe315d6 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | March 1, 2021, 5:26 p.m. |
| Added to db | Sept. 26, 2022, 9:30 a.m. |
| Last updated | Nov. 17, 2024, 11:40 p.m. |
| Headline | Investigation into the state of Nim malware |
| Title | Investigation into the state of Nim malware |
| Detected Hints/Tags/Attributes | 56/1/64 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 3 | counter.new |
|
| Details | Domain | 71 | aes.new |
|
| Details | Domain | 1 | yeshua.vip |
|
| Details | Domain | 74 | code.jquery.com |
|
| Details | Domain | 1 | msbackup.ddns.net |
|
| Details | Domain | 1 | ss.payl0ad.ga |
|
| Details | Domain | 4128 | github.com |
|
| Details | Domain | 172 | www.crowdstrike.com |
|
| Details | Domain | 434 | medium.com |
|
| Details | Domain | 3 | s3cur3th1ssh1t.github.io |
|
| Details | File | 9 | %windir%\\sysnative\\dllhost.exe |
|
| Details | File | 218 | min.js |
|
| Details | File | 9 | %windir%\\syswow64\\dllhost.exe |
|
| Details | File | 28 | loader.exe |
|
| Details | File | 15 | reader_sl.exe |
|
| Details | File | 2126 | cmd.exe |
|
| Details | File | 56 | update.php |
|
| Details | Github username | 12 | byt3bl33d3r |
|
| Details | Github username | 2 | snovvcrash |
|
| Details | md5 | 1 | 507500d9c55ac4db55c7ea4adfe1380b |
|
| Details | md5 | 1 | a19ea23062db990386a3a478cb89d52e |
|
| Details | md5 | 1 | e65a69688e0c75f41f1388c82e1069ba |
|
| Details | md5 | 1 | 78a94df84f31c12a428cbdeeb179dc6b |
|
| Details | md5 | 1 | 76c7bb63fb46ecd31bee614e2760fc2f |
|
| Details | md5 | 1 | bde13c029b14a133b13fcd875af3567c |
|
| Details | md5 | 1 | 0a7b2ae58ac40dfd7a972a6cff81315a |
|
| Details | md5 | 1 | 325a71e33559a634ec08bccd0d3898f8 |
|
| Details | md5 | 1 | dca780bc42a73d11ddfbc9f44a5f7a87 |
|
| Details | md5 | 1 | a3dbfa1081a6b79cbedda57f859a2942 |
|
| Details | sha1 | 1 | 32dbaa97622f51a05cd9ad358837242985e6abdb |
|
| Details | sha1 | 1 | 2e4d5b0fee977939ed85aafb89cc40f8b2350385 |
|
| Details | sha1 | 1 | a15573c6dabadce1dc3a5ebb1f135b64025987d4 |
|
| Details | sha1 | 1 | 6f8928478f77fba483e0c3bd77610f996da97e9a |
|
| Details | sha1 | 1 | 8dcc70fcbeb7231986fe9420f7cd8bc8a1223ddf |
|
| Details | sha1 | 1 | e57396cfeac27076f2660c36e650d24bd37ca804 |
|
| Details | sha1 | 1 | df466c910cd0f6b6672d2e4396b84fc071cdc11f |
|
| Details | sha1 | 1 | de3a15fb7b7571cc697b8c262e56e4be31c74302 |
|
| Details | sha1 | 1 | e3b01fed4799dd38490f49cf974d669b3fa8887f |
|
| Details | sha1 | 1 | 86eff4c7c5f0cc587ab94fc0b63d5e771548cf84 |
|
| Details | sha256 | 1 | f76e2d411831c549ce1111d93ebb724da1835114d91a5c7e6c5e5651da1106e5 |
|
| Details | sha256 | 1 | 311e49ca50489eb9c9127e42e4ab2c39d5311754e9475236a5431d917774dccf |
|
| Details | sha256 | 1 | 18d1776dae59d2b4d083cb204cae2ab73f50baac07bd69068343a6cc523c0de2 |
|
| Details | sha256 | 1 | d7cdf7bca8c90d21e64b0c790ce5aa9124623dd2788088c81160703e00ff2052 |
|
| Details | sha256 | 1 | 993ea418f841fce636986d3e61aed7ac2b3a03c7d3e8a539ac5c81c7b85637f5 |
|
| Details | sha256 | 1 | 590e2308bd76873a1a518e162bbf10173a0bc69a0380c606d0f10c058cbffb0e |
|
| Details | sha256 | 1 | bdf20694e32d8305b859bf0d36b62078fd9ec330ece3f37e8192ff738165faee |
|
| Details | sha256 | 1 | 63c81b095e6a461587717b5191028f55dc413bf2457f8fc89c8d8dfbf810491e |
|
| Details | sha256 | 1 | 5195ead146c387e55c4e7b00818b30bd80d044a71b9717597de3cbc535344984 |
|
| Details | IPv4 | 1 | 45.43.2.118 |
|
| Details | IPv4 | 45 | 192.168.1.10 |
|
| Details | IPv4 | 1 | 35.241.81.15 |
|
| Details | IPv4 | 1 | 192.168.161.2 |
|
| Details | IPv4 | 1 | 42.51.12.61 |
|
| Details | Pdb | 1 | sharpkatz.pdb |
|
| Details | Url | 1 | https://yeshua.vip:443 |
|
| Details | Url | 49 | http://code.jquery.com |
|
| Details | Url | 1 | http://msbackup.ddns.net/f01c137e-0eb6-4fba-9ef0-40c9cfac3135 |
|
| Details | Url | 3 | https://github.com/byt3bl33d3r/offensivenim |
|
| Details | Url | 4 | https://www.crowdstrike.com/blog/wizard-spider-adversary-update |
|
| Details | Url | 1 | https://medium.com/walmartglobaltech/nimar-loader-4f61c090c49e |
|
| Details | Url | 1 | https://github.com/snovvcrash/ppn |
|
| Details | Url | 1 | https://s3cur3th1ssh1t.github.io/playing-with-offensivenim |
|
| Details | Windows Registry Key | 48 | HKLM\Software\Microsoft\Windows\CurrentVersion\Run |
|
| Details | Windows Registry Key | 13 | HKCU\Software\Classes\CLSID |