Overview

overview

10

Static

static

10

3f3a298e7b...7a.exe

windows7_x64

10

3f3a298e7b...7a.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3f3a298e7b430343d12d9039e9e83ae46c4bc952ea9b329959be1aa07205787a.bin

  • Size

    19KB

  • Sample

    220126-r9spcaeeg2

  • MD5

    c722ffe89ecb69db142ecb15bc71c572

  • SHA1

    febf301c31f726d00682afda2b33f2776d7b34c2

  • SHA256

    3f3a298e7b430343d12d9039e9e83ae46c4bc952ea9b329959be1aa07205787a

  • SHA512

    4b396ed48645db4d983bdf8e55755af5bf4613e14a8aeb1881774264c2fb62508ea4fe67fb5d98783107649365c13b1acd32e2aa44d0272b36c2e80f533ffa67

Score
10/10
nwormdownloaderworm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

ofi.dyn.ydns.io:1080

redlan.mywire.org:1080
Mutex

b0456e7e

Targets

    • Target

      3f3a298e7b430343d12d9039e9e83ae46c4bc952ea9b329959be1aa07205787a.bin

    • Size

      19KB

    • MD5

      c722ffe89ecb69db142ecb15bc71c572

    • SHA1

      febf301c31f726d00682afda2b33f2776d7b34c2

    • SHA256

      3f3a298e7b430343d12d9039e9e83ae46c4bc952ea9b329959be1aa07205787a

    • SHA512

      4b396ed48645db4d983bdf8e55755af5bf4613e14a8aeb1881774264c2fb62508ea4fe67fb5d98783107649365c13b1acd32e2aa44d0272b36c2e80f533ffa67

    Score
    10/10
    nwormdownloaderworm

    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.

      wormdownloadernworm

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks