Overview

overview

10

Static

static

10

5934d1da5c...cd.exe

windows7_x64

10

5934d1da5c...cd.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5934d1da5cf45739ab3c3c01c8fe736a4aeac541b1b9601efe4d1eea6d2fcecd.bin

  • Size

    17KB

  • Sample

    220126-szl99afbc5

  • MD5

    16ce8ee04799a1e4f531eec98418a994

  • SHA1

    cda1ba9604872a6f462a21f6b82b2ca643b81b76

  • SHA256

    5934d1da5cf45739ab3c3c01c8fe736a4aeac541b1b9601efe4d1eea6d2fcecd

  • SHA512

    dcb4486d0a9fc66b0bf71083e3f79950d3f163bf74526c862dc7b8717d26829d3e04715eaa566db8ecd46cc778839efef8a9d9da090e7f90f8301869d79dc289

Score
10/10
nwormdownloaderworm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

jtbz.ddns.net:1604

jtbz2.ddns.net:1604
Mutex

2f5c1f29

Targets

    • Target

      5934d1da5cf45739ab3c3c01c8fe736a4aeac541b1b9601efe4d1eea6d2fcecd.bin

    • Size

      17KB

    • MD5

      16ce8ee04799a1e4f531eec98418a994

    • SHA1

      cda1ba9604872a6f462a21f6b82b2ca643b81b76

    • SHA256

      5934d1da5cf45739ab3c3c01c8fe736a4aeac541b1b9601efe4d1eea6d2fcecd

    • SHA512

      dcb4486d0a9fc66b0bf71083e3f79950d3f163bf74526c862dc7b8717d26829d3e04715eaa566db8ecd46cc778839efef8a9d9da090e7f90f8301869d79dc289

    Score
    10/10
    nwormdownloaderworm

    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.

      wormdownloadernworm

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks