Overview

overview

10

Static

static

10

1e04e0ce10...f1.exe

windows7_x64

10

1e04e0ce10...f1.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1e04e0ce103e51fe1d1584759bc28da409f634e6e09de4892d2ab3f6659078f1.bin

  • Size

    22KB

  • Sample

    220126-r9sdkseagn

  • MD5

    01573f1b61b5578c5c87e555e74f75a6

  • SHA1

    ade56f4a823f742d7202a72a2fb16384f9711637

  • SHA256

    1e04e0ce103e51fe1d1584759bc28da409f634e6e09de4892d2ab3f6659078f1

  • SHA512

    a27d20a92123afd6302d67368622947d7fb978aa75212be24f3f3a38031c9215b6824044fb728b5bbf557c17d213d1e0ff630c970168837c08bfb50ea38e986a

Score
10/10
nwormdownloaderworm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

185.247.69.194:6333

91.202.169.7:6333
Mutex

1f09d7c7

Targets

    • Target

      1e04e0ce103e51fe1d1584759bc28da409f634e6e09de4892d2ab3f6659078f1.bin

    • Size

      22KB

    • MD5

      01573f1b61b5578c5c87e555e74f75a6

    • SHA1

      ade56f4a823f742d7202a72a2fb16384f9711637

    • SHA256

      1e04e0ce103e51fe1d1584759bc28da409f634e6e09de4892d2ab3f6659078f1

    • SHA512

      a27d20a92123afd6302d67368622947d7fb978aa75212be24f3f3a38031c9215b6824044fb728b5bbf557c17d213d1e0ff630c970168837c08bfb50ea38e986a

    Score
    10/10
    nwormdownloaderworm

    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.

      wormdownloadernworm

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks