General

  • Target

    e275b4b5507699dd1997ece8e3ae3628285b675e7b03411dabe2256f7a54547c.bin

  • Size

    16KB

  • Sample

    220126-r91pyseeh4

  • MD5

    b09edded61d7450208e9c382f0254b5c

  • SHA1

    1eae28e780b5f0c77f1a2f5282d4d7a78e727f86

  • SHA256

    e275b4b5507699dd1997ece8e3ae3628285b675e7b03411dabe2256f7a54547c

  • SHA512

    4e60f461d482d1007f132bd304d9a8764cc799830d8e98a9e8b7107196f6938252a2a72a88123bc99907c8d202490b11bc60775e7f68b947f03cf14a09b24012

Score
10/10

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

rbirbi.ddns.net:54984

127.0.0.1:54984

Mutex

87639abe

Targets

    • Target

      e275b4b5507699dd1997ece8e3ae3628285b675e7b03411dabe2256f7a54547c.bin

    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.
