Overview

overview

10

Static

static

10

d0980b7fe3...1e.exe

windows7_x64

10

d0980b7fe3...1e.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d0980b7fe304d1998df7e3829b8f35c1f6a41316c8675416f5264d8658fc881e.bin

  • Size

    33KB

  • Sample

    220126-r9zgwseban

  • MD5

    7341966dff36665a31185cb2b4331f0d

  • SHA1

    02572e87b124474b1553e9bc418f7c8a4248be70

  • SHA256

    d0980b7fe304d1998df7e3829b8f35c1f6a41316c8675416f5264d8658fc881e

  • SHA512

    94e4be60b3508a3e9868ffee630f37c21104be85a8c412c8edc7924af8b60f73bdd183eba89133afb54d01cfe88ec26b68cff1870b86cf3459e8c7505c229a93

Score
10/10
nwormdownloaderworm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

Jonathin8068-24257.portmap.host:60149

Mutex

9c5336ac

Targets

    • Target

      d0980b7fe304d1998df7e3829b8f35c1f6a41316c8675416f5264d8658fc881e.bin

    • Size

      33KB

    • MD5

      7341966dff36665a31185cb2b4331f0d

    • SHA1

      02572e87b124474b1553e9bc418f7c8a4248be70

    • SHA256

      d0980b7fe304d1998df7e3829b8f35c1f6a41316c8675416f5264d8658fc881e

    • SHA512

      94e4be60b3508a3e9868ffee630f37c21104be85a8c412c8edc7924af8b60f73bdd183eba89133afb54d01cfe88ec26b68cff1870b86cf3459e8c7505c229a93

    Score
    10/10
    nwormdownloaderworm

    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.

      wormdownloadernworm

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks