General

  • Target

    5cd1bd572f9ceb8688669a2f7d3526886937d7eb285c571bc3bc8659f4774cb6.bin

  • Size

    17KB

  • Sample

    220126-r9t76seahm

  • MD5

    86694e996fc419c2567f3189e1c4507d

  • SHA1

    eb8752e3789c02ea5efd1b1a16d9871c493283f6

  • SHA256

    5cd1bd572f9ceb8688669a2f7d3526886937d7eb285c571bc3bc8659f4774cb6

  • SHA512

    327af1e685cb86aaa3a0e78747f1279fff346892fd6da21c1dfe514ff8476b0bb5d75d73b5783a043ad827c5d648bafdd3db2f73223ed72a7a4c44ebfd8d192b

Score
10/10

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

new.from-al.com:1155

Mutex

1e792aeb

Targets

    • Target

      5cd1bd572f9ceb8688669a2f7d3526886937d7eb285c571bc3bc8659f4774cb6.bin

    Score
    10/10
    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.

    • Executes dropped EXE

MITRE ATT&CK Matrix (ATT&CK v6)

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Discovery

System Information Discovery

1
T1082

Tasks