Overview

overview

10

Static

static

10

5317cc2ea8...f8.exe

windows7_x64

10

5317cc2ea8...f8.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5317cc2ea842337b08c2a510263885b2eba67f175fcea597a39382d8251148f8.bin

  • Size

    19KB

  • Sample

    220126-szlnqaeegk

  • MD5

    8e63a02d166c9c36bfacfa97f3056276

  • SHA1

    fb738d4a90b7ed4c7e5be5ef7932166bb7854b91

  • SHA256

    5317cc2ea842337b08c2a510263885b2eba67f175fcea597a39382d8251148f8

  • SHA512

    dc11f40d9b61acf259ab664bcd0fc059d43a84fc57c92dfc6e23ee2b8142d6c6bdef3e495ec53608eb5d267c238e3bca6ada1fcc3c3e3a680bc9bb9773100c6a

Score
10/10
nwormdownloaderworm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

padama600.ddns.net:1177

Mutex

b38e461c

Targets

    • Target

      5317cc2ea842337b08c2a510263885b2eba67f175fcea597a39382d8251148f8.bin

    • Size

      19KB

    • MD5

      8e63a02d166c9c36bfacfa97f3056276

    • SHA1

      fb738d4a90b7ed4c7e5be5ef7932166bb7854b91

    • SHA256

      5317cc2ea842337b08c2a510263885b2eba67f175fcea597a39382d8251148f8

    • SHA512

      dc11f40d9b61acf259ab664bcd0fc059d43a84fc57c92dfc6e23ee2b8142d6c6bdef3e495ec53608eb5d267c238e3bca6ada1fcc3c3e3a680bc9bb9773100c6a

    Score
    10/10
    nwormdownloaderworm

    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.

      wormdownloadernworm

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks