nworm | 9b60ef3f360061599935dcbcf4aa96f13b4121f7ad88d5b8cea0cecabc2281a6 | Triage

Submit
Reports

Overview

overview

Static

static

DRNTFNAYYI...XB.vbs

windows7_x64

3

DRNTFNAYYI...XB.vbs

windows10-2004_x64

Sharing

General

Target

drntfn_Payment_Invoice.iso
Size

602KB
Sample

220210-1g2wzsahbp
MD5

6ca672aef71cf09e1e75adac1ce93cd0
SHA1

fce99108000defd3fe02403e42fe30dfe71d7cb9
SHA256

9b60ef3f360061599935dcbcf4aa96f13b4121f7ad88d5b8cea0cecabc2281a6
SHA512

4517990bb60489173f68b927853ef64df692eba1b1d8b10f6b2ec0da2f001c72cb24de9300bd5a8178f8d02752922beab57a946777c3e43012a1563a62c9135f

Score

10^/10

nworm downloader worm

Static task

static1

Behavioral task

behavioral1

Sample

DRNTFNAYYIIFLWXZGPDDLOHORDNKIBLKOGRRKKPLPZSWTHCRGCJSAXYHNIZCHDHKUXXB.vbs

Resource

win7-en-20211208

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DRNTFNAYYIIFLWXZGPDDLOHORDNKIBLKOGRRKKPLPZSWTHCRGCJSAXYHNIZCHDHKUXXB.vbs

Resource

win10v2004-en-20220112

nworm downloader worm

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

nyanmoj.duckdns.org:5057

moneyhope81.duckdns.org:5057

Mutex

cb2d3cba

Targets

- Target
  
  DRNTFNAYYIIFLWXZGPDDLOHORDNKIBLKOGRRKKPLPZSWTHCRGCJSAXYHNIZCHDHKUXXB.VBS
- Size
  
  10KB
- MD5
  
  fbeb926f8e236f7508dc48afb9d046de
- SHA1
  
  3f85ddca97316e3a28e237bbf1a8bd8eb8536571
- SHA256
  
  d65dd59be082d859d41d1d04acebaf9aa6cd71faca93a93e9c830064f6dcff6a
- SHA512
  
  853f0e3af5b787be2e038c36b90b23577672159d7879929943fca799f97a3b40fc0143534578f547c7cc3e8cecf20a57e5bbe98fb0a147031a69f77fd7ea6f43
Score

10^/10

nworm downloader worm
- NWorm
  A TrickBot module used to propagate to vulnerable domain controllers.
  worm downloader nworm
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

nwormdownloaderworm

© 2018-2024

Terms | Privacy