General

  • Target

    a50655f42d9eaf4b12f22c5b4cffdc462d00e66dfd97970904ea5d57b411c0f0.bin

  • Size

    16KB

  • Sample

    220126-r9ywcsebak

  • MD5

    7d848ef3bedf13a0ed0d625cd2779880

  • SHA1

    3ccc13e993c7077823354938929d4f5ed2f002e6

  • SHA256

    a50655f42d9eaf4b12f22c5b4cffdc462d00e66dfd97970904ea5d57b411c0f0

  • SHA512

    8b937a8d3cfca15ee81812bdc6d2e0cc5f57ce8b6ec2ae699652805ecaf958b4750bfb6ddebfa7a46eb7e99c282eb0671519f6dfdb5f05532ab03de11de37f6e

Score
10/10

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

127.0.0.1:4444

Mutex

f5a997ea

Targets

    • Target

      a50655f42d9eaf4b12f22c5b4cffdc462d00e66dfd97970904ea5d57b411c0f0.bin

    • Size

      16KB

    • MD5

      7d848ef3bedf13a0ed0d625cd2779880

    • SHA1

      3ccc13e993c7077823354938929d4f5ed2f002e6

    • SHA256

      a50655f42d9eaf4b12f22c5b4cffdc462d00e66dfd97970904ea5d57b411c0f0

    • SHA512

      8b937a8d3cfca15ee81812bdc6d2e0cc5f57ce8b6ec2ae699652805ecaf958b4750bfb6ddebfa7a46eb7e99c282eb0671519f6dfdb5f05532ab03de11de37f6e

    Score
    10/10
    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.

MITRE ATT&CK Matrix

Tasks