Overview

overview

10

Static

static

10

6eccc9b1ec...9c.exe

windows7_x64

10

6eccc9b1ec...9c.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6eccc9b1ec733f8e229e2b523942c8947208da6625f251f64e10680228f42f9c.bin

  • Size

    17KB

  • Sample

    220126-szn4vafbd2

  • MD5

    6f2ad7446177481ecfd632922d95bc44

  • SHA1

    783accf5d9107b0a68860a33bfcb939ffeb50153

  • SHA256

    6eccc9b1ec733f8e229e2b523942c8947208da6625f251f64e10680228f42f9c

  • SHA512

    3a1c54368844dbf9acdecd63504c005c08c068dea4123783a59e458ad3f97e769ee4ece181450013a16ed56fa602c1a03f11bb9d93b79f019297d49ea3809890

Score
10/10
nwormdownloaderworm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

updateservice.linkpc.net:81

ainda.dyndns.org:81
Mutex

debff03b

Targets

    • Target

      6eccc9b1ec733f8e229e2b523942c8947208da6625f251f64e10680228f42f9c.bin

    • Size

      17KB

    • MD5

      6f2ad7446177481ecfd632922d95bc44

    • SHA1

      783accf5d9107b0a68860a33bfcb939ffeb50153

    • SHA256

      6eccc9b1ec733f8e229e2b523942c8947208da6625f251f64e10680228f42f9c

    • SHA512

      3a1c54368844dbf9acdecd63504c005c08c068dea4123783a59e458ad3f97e769ee4ece181450013a16ed56fa602c1a03f11bb9d93b79f019297d49ea3809890

    Score
    10/10
    nwormdownloaderworm

    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.

      wormdownloadernworm

    • Executes dropped EXE

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks