nworm | 5aea6935f647ed44dbce04f27663e720dd25fc6226d20901d8b9dcf72715b2ac | Triage

Submit
Reports

Overview

overview

Static

static

second_pe.exe

windows7_x64

second_pe.exe

windows10-2004_x64

Sharing

General

Target

nworm.zip
Size

8KB
Sample

220209-l6me9shhc5
MD5

195eb22f92b6dbbddd81e594840b09b5
SHA1

583793bdf79591fa9c181817449b665c1b2ecd1a
SHA256

5aea6935f647ed44dbce04f27663e720dd25fc6226d20901d8b9dcf72715b2ac
SHA512

4b950a617a6d459cff2429b7bf84ab10f4dd1b0646dd4675360a43ac07944819683d67b2d741b581a75c6e1c3248b6b39c87a7fb065e1329f5425ee35c9e49b3

Score

10^/10

nworm downloader worm

Static task

static1

Behavioral task

behavioral1

Sample

second_pe.exe

Resource

win7-en-20211208

nworm downloader worm

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

second_pe.exe

Resource

win10v2004-en-20220113

nworm downloader worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

nyanmoney02.duckdns.org:9031

Mutex

2e3fb6d0

Targets

- Target
  
  second_pe.exe
- Size
  
  16KB
- MD5
  
  08587e04a2196aa97a0f939812229d2d
- SHA1
  
  55e8c3f4a4a148d0075eccf0812a814eea3d4c6e
- SHA256
  
  afc5a5a1a18f3e65bffa6e3d4e68ed90c102a942156db77ef570c4e8d1394dbc
- SHA512
  
  e7a48a8526e93d48e4bf68f71d7ac1e000b21e09c978f3f2531a3b293322f071d634f23ef6d0d24e0cfc3b94ff00056ff86fed5c5a82ae1dd67c747ad02fd7ab
Score

10^/10

nworm downloader worm
- NWorm
  A TrickBot module used to propagate to vulnerable domain controllers.
  worm downloader nworm
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

nwormdownloaderworm

behavioral2

nwormdownloaderworm

© 2018-2024

Terms | Privacy