General

  • Target

    36628a120ac2280dfa4a3262214aa38267a2b995c070a44830fe35a3c6324e6e.bin

  • Size

    16KB

  • Sample

    220126-r9spcaeef9

  • MD5

    3d8e52734f5498fbcfcd9d42fc6fc333

  • SHA1

    459b95cd2ccee55d15b540fa9a76ac00d0ed0c8f

  • SHA256

    36628a120ac2280dfa4a3262214aa38267a2b995c070a44830fe35a3c6324e6e

  • SHA512

    efc0db2e676c8d5cd4f82cae82095085f11f4d34f106ba4b035e26d8779dc578e2a7316b066c482df61afbbfd25b92f19934f8e3a219c02e3ac17f1a07f19cfa

Score
10/10

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

hhahkek.ddns.net:1194

Mutex

0af9391c

Targets

    • Target

      36628a120ac2280dfa4a3262214aa38267a2b995c070a44830fe35a3c6324e6e.bin

    • Size

      16KB

    • MD5

      3d8e52734f5498fbcfcd9d42fc6fc333

    • SHA1

      459b95cd2ccee55d15b540fa9a76ac00d0ed0c8f

    • SHA256

      36628a120ac2280dfa4a3262214aa38267a2b995c070a44830fe35a3c6324e6e

    • SHA512

      efc0db2e676c8d5cd4f82cae82095085f11f4d34f106ba4b035e26d8779dc578e2a7316b066c482df61afbbfd25b92f19934f8e3a219c02e3ac17f1a07f19cfa

    Score
    10/10
    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.

MITRE ATT&CK Matrix

Tasks