nworm | 729955eb4afcb332b615ee3d1b1cf4148b1c87566dc49ce804c1e1193e28f435 | Triage

Submit
Reports

Overview

overview

Static

static

Quick SFV.exe

windows7_x64

Sharing

General

Target

Quick SFV.exe
Size

20.1MB
Sample

220422-a3l5jsegdk
MD5

123cd9c01676dac4081fbe2d3b6f8fc9
SHA1

455bd5f0741e74b3ba577d120384fa1de59b00ec
SHA256

729955eb4afcb332b615ee3d1b1cf4148b1c87566dc49ce804c1e1193e28f435
SHA512

c18ee8fedbb208d51ed4181705b243b8ed0ff94c52041660e718eb52129de1f080b42cfddc7c9f425f67c39f6808e1a6d457e8c477403f3f111a05e00b158ebf

Score

10^/10

nworm downloader worm

Static task

static1

Behavioral task

behavioral1

Sample

Quick SFV.exe

Resource

win7-20220414-en

nworm downloader worm

windows7_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

176.122.121.199:80

Mutex

09b217be

Targets

- Target
  
  Quick SFV.exe
- Size
  
  20.1MB
- MD5
  
  123cd9c01676dac4081fbe2d3b6f8fc9
- SHA1
  
  455bd5f0741e74b3ba577d120384fa1de59b00ec
- SHA256
  
  729955eb4afcb332b615ee3d1b1cf4148b1c87566dc49ce804c1e1193e28f435
- SHA512
  
  c18ee8fedbb208d51ed4181705b243b8ed0ff94c52041660e718eb52129de1f080b42cfddc7c9f425f67c39f6808e1a6d457e8c477403f3f111a05e00b158ebf
Score

10^/10

nworm downloader worm
- NWorm
  A TrickBot module used to propagate to vulnerable domain controllers.
  worm downloader nworm
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

nwormdownloaderworm

© 2018-2025

Terms | Privacy