General

  • Target

    5abedad9ed9489dd5c91dc8e0259ff78e8bf5ea45767b635d4fc34bd156a9779.bin

  • Size

    18KB

  • Sample

    220126-r9t76seeg3

  • MD5

    a700a649ae6df23ac8865f9912bf03c9

  • SHA1

    2885087df832401ed16caead43bf0587865ab6ab

  • SHA256

    5abedad9ed9489dd5c91dc8e0259ff78e8bf5ea45767b635d4fc34bd156a9779

  • SHA512

    69bad641968a340ea5760b505d33cee0701db23ea257c6dcaacfd332b0fbd066268c82f0c4befa26dfc9f525be1d42aa9698b4a95c405a0595f801368e739219

Score
10/10

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

34.176.64.245:1234

gamers2020.ownip.net:1234

Mutex

af517389

Targets

    • Target

      5abedad9ed9489dd5c91dc8e0259ff78e8bf5ea45767b635d4fc34bd156a9779.bin

    Score
    10/10
    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.
