nworm | 0e2fc4665d05133cec37ec4e4937832a7355a9144d6c65519cc74ac1d68db8b5 | Triage

Sharing

General

Target

0e2fc4665d05133cec37ec4e4937832a7355a9144d6c65519cc74ac1d68db8b5.bin
Size

11KB
Sample

220126-szhbaseefp
MD5

e58baccdd6b85de4b68fd32c0a0a9f2e
SHA1

0465102aa846561d35dbcd1e18c7b387f222dffe
SHA256

0e2fc4665d05133cec37ec4e4937832a7355a9144d6c65519cc74ac1d68db8b5
SHA512

e12c2f701b5006ce05b83a450c0992f685e5a3bfdbbc9bd7de6d55ee86e4b8f79ea01fc9035daa3e3058fe9ef5758c30491a1d19b9eacd08dfe2a3c0d821c2cf

Score

10^/10

nworm downloader worm

Malware Config

Extracted

Family

nworm

Version

v0.3.7C

C2

127.0.0.1:4444

Mutex

3716138f-ba37-4ae9-a3dd-4f32ff613077

Targets

- Target
  
  0e2fc4665d05133cec37ec4e4937832a7355a9144d6c65519cc74ac1d68db8b5.bin
- Size
  
  11KB
- MD5
  
  e58baccdd6b85de4b68fd32c0a0a9f2e
- SHA1
  
  0465102aa846561d35dbcd1e18c7b387f222dffe
- SHA256
  
  0e2fc4665d05133cec37ec4e4937832a7355a9144d6c65519cc74ac1d68db8b5
- SHA512
  
  e12c2f701b5006ce05b83a450c0992f685e5a3bfdbbc9bd7de6d55ee86e4b8f79ea01fc9035daa3e3058fe9ef5758c30491a1d19b9eacd08dfe2a3c0d821c2cf
Score

10^/10

nworm downloader worm
- NWorm
  A TrickBot module used to propagate to vulnerable domain controllers.
  worm downloader nworm
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

nwormdownloaderworm

behavioral2

nwormdownloaderworm