Overview

overview

10

Static

static

10

92940304e9...34.exe

windows7_x64

10

92940304e9...34.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    92940304e9508cc294adebef9feb4d7c0a4599a3f055db8b5d6fda365f917034.bin

  • Size

    16KB

  • Sample

    220126-r9xy3aeeg9

  • MD5

    7315760f18f531d0e4d5ed6c7c95fa93

  • SHA1

    c4ddfff0fb99f746da76a9937bcf390ee5d9e464

  • SHA256

    92940304e9508cc294adebef9feb4d7c0a4599a3f055db8b5d6fda365f917034

  • SHA512

    ec6cc6b3545bdcdc115e6623e53572ded5e4826ab4559d0e5c5c7ff92bd2dbd59f351d9f4d83b823d8f8b977c4a3acf9ae87e2d299dfe7ddc2e16916268195e1

Score
10/10
nwormdownloaderworm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

hlgh8626.duckdns.org:8073

Mutex

39f210ad

Targets

    • Target

      92940304e9508cc294adebef9feb4d7c0a4599a3f055db8b5d6fda365f917034.bin

    • Size

      16KB

    • MD5

      7315760f18f531d0e4d5ed6c7c95fa93

    • SHA1

      c4ddfff0fb99f746da76a9937bcf390ee5d9e464

    • SHA256

      92940304e9508cc294adebef9feb4d7c0a4599a3f055db8b5d6fda365f917034

    • SHA512

      ec6cc6b3545bdcdc115e6623e53572ded5e4826ab4559d0e5c5c7ff92bd2dbd59f351d9f4d83b823d8f8b977c4a3acf9ae87e2d299dfe7ddc2e16916268195e1

    Score
    10/10
    nwormdownloaderworm

    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.

      wormdownloadernworm
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks