Nymaim (the banker trojan) advanced analysis

Nymaim was discovered in 2013 and is a downloader. It recently teamed up with the banking trojan Gozi, so there was a new family of malware called GozNym. However, the original version Nymaim still continues to be used as the boot various other threats.

Nymaim often used to download additional malware to infected computers, as it was seen in several campaigns for the dissemination of extortionists. Now, however, the malware the MAC-address of the infected their device with its coded list, which allows its to avoid the virtual environments and tear analysis tools.

 
This virus is very interesting, because it is possible to get a bank and has become a serious threat. Recently discovered patterns are hard-coded expiration date, after which the threat to stop working properly. Troyan is characterized by a variety of tricks. The Polish CERT has published a detailed analysis of the banking Trojan.

The Polish team’s analysis can be found here.