Overview

overview

10

Static

static

10

34a01c5a55...0f.exe

windows7_x64

10

34a01c5a55...0f.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    34a01c5a55d7f77a53d694af2dcd284b259530a34a3ac8caa279cccc4959710f.bin

  • Size

    83KB

  • Sample

    220126-szj5wsfbc2

  • MD5

    972a4f69140dd4785c051d5e82937404

  • SHA1

    5792f489d1337f21b4783aa9d87dd664f4b662bc

  • SHA256

    34a01c5a55d7f77a53d694af2dcd284b259530a34a3ac8caa279cccc4959710f

  • SHA512

    39fb7b873c325cc7e4a5a73ec9383e8ff604c649a2b1e3dbb410e63d6c66e44a37568e6b9ff475d05b4133cad1c95a246ce831a2075f79189921536c9ea93a6c

Score
10/10
nwormdownloaderworm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

narotomagic.publicvm.com:1170

Mutex

c31d7883

Targets

    • Target

      34a01c5a55d7f77a53d694af2dcd284b259530a34a3ac8caa279cccc4959710f.bin

    • Size

      83KB

    • MD5

      972a4f69140dd4785c051d5e82937404

    • SHA1

      5792f489d1337f21b4783aa9d87dd664f4b662bc

    • SHA256

      34a01c5a55d7f77a53d694af2dcd284b259530a34a3ac8caa279cccc4959710f

    • SHA512

      39fb7b873c325cc7e4a5a73ec9383e8ff604c649a2b1e3dbb410e63d6c66e44a37568e6b9ff475d05b4133cad1c95a246ce831a2075f79189921536c9ea93a6c

    Score
    10/10
    nwormdownloaderworm

    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.

      wormdownloadernworm

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks