nworm | 043c9d3c25c284c582dff2887cc1c92bf1a7c76941d0c2f84eef95d72a31b4a0 | Triage

Sharing

General

Target

043c9d3c25c284c582dff2887cc1c92bf1a7c76941d0c2f84eef95d72a31b4a0.bin
Size

11KB
Sample

220126-szgprsfbb6
MD5

35394030407f8b24d4046d172d23d50e
SHA1

1afc8308b56671d5cabeac3d5aff77f0d5a2d1a6
SHA256

043c9d3c25c284c582dff2887cc1c92bf1a7c76941d0c2f84eef95d72a31b4a0
SHA512

dc1ca8751225d1714f4b61b93faacbd78c5888a607ec7206b8069cdcbbd573f724b2cbcc988f2a7b319fee353d00cccf319f1d12dd369c5992d4b9090b25dbe1

Score

10^/10

nworm downloader worm

Malware Config

Extracted

Family

nworm

Version

v0.3.7C

C2

139.180.171.110:2222

Mutex

090383e3-d29a-4f22-9ac9-8273a3a0c547

Targets

- Target
  
  043c9d3c25c284c582dff2887cc1c92bf1a7c76941d0c2f84eef95d72a31b4a0.bin
- Size
  
  11KB
- MD5
  
  35394030407f8b24d4046d172d23d50e
- SHA1
  
  1afc8308b56671d5cabeac3d5aff77f0d5a2d1a6
- SHA256
  
  043c9d3c25c284c582dff2887cc1c92bf1a7c76941d0c2f84eef95d72a31b4a0
- SHA512
  
  dc1ca8751225d1714f4b61b93faacbd78c5888a607ec7206b8069cdcbbd573f724b2cbcc988f2a7b319fee353d00cccf319f1d12dd369c5992d4b9090b25dbe1
Score

10^/10

nworm downloader worm
- NWorm
  A TrickBot module used to propagate to vulnerable domain controllers.
  worm downloader nworm
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

nwormdownloaderworm

behavioral2

nwormdownloaderworm