nworm | 2d89ba4be26780c15328677895a43b6b31791a25105892d562cacf7fc902299d | Triage

Sharing

General

Target

WZQNBDSLVGAWPUXJRUVDYE.ps1
Size

130KB
Sample

220222-w8dk9addgk
MD5

3fbbaee606b9fa5ed730aab0c6123ce0
SHA1

a38435566b572cd77b2b5521cf50d830518ba9cf
SHA256

2d89ba4be26780c15328677895a43b6b31791a25105892d562cacf7fc902299d
SHA512

9cb3c6aa7021c09ec5c54520066fea23195e87c5cac41b2eba7bd8a0f31edc23414ebe4bbe3524ebcc2e100c3aec179987e58e11587205d4242302fa92b33f2f

Score

10^/10

nworm downloader worm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

nyanmoj.duckdns.org:5057

moneyhope81.duckdns.org:5057

Mutex

cb2d3cba

Targets

- Target
  
  WZQNBDSLVGAWPUXJRUVDYE.ps1
- Size
  
  130KB
- MD5
  
  3fbbaee606b9fa5ed730aab0c6123ce0
- SHA1
  
  a38435566b572cd77b2b5521cf50d830518ba9cf
- SHA256
  
  2d89ba4be26780c15328677895a43b6b31791a25105892d562cacf7fc902299d
- SHA512
  
  9cb3c6aa7021c09ec5c54520066fea23195e87c5cac41b2eba7bd8a0f31edc23414ebe4bbe3524ebcc2e100c3aec179987e58e11587205d4242302fa92b33f2f
Score

10^/10

nworm downloader worm
- NWorm
  A TrickBot module used to propagate to vulnerable domain controllers.
  worm downloader nworm
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

nwormdownloaderworm