Overview

overview

10

Static

static

10

0c1186bb4c...5c.exe

windows7_x64

10

0c1186bb4c...5c.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0c1186bb4c92c71b12cbf855a51efc0cdf41c1774d21ab6b53c5a1746be1c15c.bin

  • Size

    19KB

  • Sample

    220126-r9r3taeef7

  • MD5

    61c2029fa9b7194a9971ee05e2643bec

  • SHA1

    03dbfc548a2fa7e79fe2d5c4433f91a83d8e5c2b

  • SHA256

    0c1186bb4c92c71b12cbf855a51efc0cdf41c1774d21ab6b53c5a1746be1c15c

  • SHA512

    c15337b14494258670b440e6dfe3fe4e3387ea5caf35eeeec3528a186172a088364ff9fddd6902d82998c3ccd3077bb4babb1bd8781e530512254a6b153ace89

Score
10/10
nwormdownloaderworm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

24.101.234.141:8087

127.0.0.1:8087
Mutex

38fc6b9e

Targets

    • Target

      0c1186bb4c92c71b12cbf855a51efc0cdf41c1774d21ab6b53c5a1746be1c15c.bin

    • Size

      19KB

    • MD5

      61c2029fa9b7194a9971ee05e2643bec

    • SHA1

      03dbfc548a2fa7e79fe2d5c4433f91a83d8e5c2b

    • SHA256

      0c1186bb4c92c71b12cbf855a51efc0cdf41c1774d21ab6b53c5a1746be1c15c

    • SHA512

      c15337b14494258670b440e6dfe3fe4e3387ea5caf35eeeec3528a186172a088364ff9fddd6902d82998c3ccd3077bb4babb1bd8781e530512254a6b153ace89

    Score
    10/10
    nwormdownloaderworm

    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.

      wormdownloadernworm

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks