Overview

overview

10

Static

static

10

20b27b8297...44.exe

windows7_x64

10

20b27b8297...44.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20b27b82977cfec2475a14f94fbf11ddd3fbde14677364215ed561ff020aea44.bin

  • Size

    19KB

  • Sample

    220126-szh8lafbb9

  • MD5

    fb5aabe905c0e8b3d837e91719f7c5cb

  • SHA1

    424c260a208e9fa7ff7d4468ffa368fb3bbafb1d

  • SHA256

    20b27b82977cfec2475a14f94fbf11ddd3fbde14677364215ed561ff020aea44

  • SHA512

    28dc13f3c285ad992d750373e446ccb7838d076aad9f72e35f6a5c27b5b721fad25f491a07b62c8e7cea2fd410513ae50e9a5f976a09b02973bb506184f1f6f6

Score
10/10
nwormdownloaderworm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

crownctf.duckdns.org:448

microduck.duckdns.org:448
Mutex

dbb3c5cc

Targets

    • Target

      20b27b82977cfec2475a14f94fbf11ddd3fbde14677364215ed561ff020aea44.bin

    • Size

      19KB

    • MD5

      fb5aabe905c0e8b3d837e91719f7c5cb

    • SHA1

      424c260a208e9fa7ff7d4468ffa368fb3bbafb1d

    • SHA256

      20b27b82977cfec2475a14f94fbf11ddd3fbde14677364215ed561ff020aea44

    • SHA512

      28dc13f3c285ad992d750373e446ccb7838d076aad9f72e35f6a5c27b5b721fad25f491a07b62c8e7cea2fd410513ae50e9a5f976a09b02973bb506184f1f6f6

    Score
    10/10
    nwormdownloaderworm

    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.

      wormdownloadernworm

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks