nworm | 36e82f18e72113f24a5460ed87f67dab158c6f3b342422287bdb8218c2186bc9 | Triage

Sharing

General

Target

BE4F0C6439BDBA738482EA253CDE60F3347AFD86B284362F83B510A0034B693A.zip
Size

38KB
Sample

220308-v3kxpshga3
MD5

ed8c1051ef5ab14ef3f8e2ea7ae5b6e4
SHA1

dafa39df22690ce8d109de92c217a5ccb9d6de06
SHA256

36e82f18e72113f24a5460ed87f67dab158c6f3b342422287bdb8218c2186bc9
SHA512

994d28b3d877dfcc42462cfbe3a7d157a6968e867d333119e1f1f9aa497226537cad6d8307a2a4616017d7e63156a53a9994bfea0d74f2fdf854cf21dc916f8e

Score

10^/10

nworm downloader worm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

nyanwmoney.duckdns.org:8891

Mutex

594274bc

Targets

- Target
  
  file1.ps1
- Size
  
  132KB
- MD5
  
  9777539c560bfd297cc2574c37fa5b21
- SHA1
  
  4eb088f40d4cb02590c7299ac7e2c0d609680e1e
- SHA256
  
  be4f0c6439bdba738482ea253cde60f3347afd86b284362f83b510a0034b693a
- SHA512
  
  dc3ca59771b57826cd8714c4335ffbdecddd155e234309dd812d0db7bb2a21b590bd73c57d5270f2083e6f616fbf2265f955654ae5f091d9f820ae64beea1e96
Score

10^/10

nworm downloader worm
- NWorm
  A TrickBot module used to propagate to vulnerable domain controllers.
  worm downloader nworm
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

nwormdownloaderworm