Overview

overview

10

Static

static

10

0f0b4d98f4...68.exe

windows7_x64

10

0f0b4d98f4...68.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0f0b4d98f4b41948f43060d83b12cf9c995f4a425f376c8ae4e5836500df6268.bin

  • Size

    49KB

  • Sample

    220126-szhxtsfbb8

  • MD5

    ef5575dc5a9673885a93816fec5752e3

  • SHA1

    981b40105ff0b9d1deafae85517efb2bc03c54cc

  • SHA256

    0f0b4d98f4b41948f43060d83b12cf9c995f4a425f376c8ae4e5836500df6268

  • SHA512

    2979efab620d252ce552ea376878f807860030f33aa1c2265eb24b3ec7e8ba2f7190a61a49655b8ed59e5be583edcf257fccf9bbdb423e6e5d64afe288bbb5a6

Score
10/10
nwormdownloaderworm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

google8.ddns.net:1999

Mutex

52889f08

Targets

    • Target

      0f0b4d98f4b41948f43060d83b12cf9c995f4a425f376c8ae4e5836500df6268.bin

    • Size

      49KB

    • MD5

      ef5575dc5a9673885a93816fec5752e3

    • SHA1

      981b40105ff0b9d1deafae85517efb2bc03c54cc

    • SHA256

      0f0b4d98f4b41948f43060d83b12cf9c995f4a425f376c8ae4e5836500df6268

    • SHA512

      2979efab620d252ce552ea376878f807860030f33aa1c2265eb24b3ec7e8ba2f7190a61a49655b8ed59e5be583edcf257fccf9bbdb423e6e5d64afe288bbb5a6

    Score
    10/10
    nwormdownloaderworm

    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.

      wormdownloadernworm

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks