General
Target: d8ababca584ba4feecd850a69aef231068e9e025d31afe75dbe681dbf5c2d5fd
Size: 17KB
Sample: 220731-kebn1sgcc4
MD5: c6ef22d341307db526ba8f5fe2a00d12
SHA1: 915e592739f6561fa871d0754f12a3a3d50153ee
SHA256: d8ababca584ba4feecd850a69aef231068e9e025d31afe75dbe681dbf5c2d5fd
SHA512: 5b34ff33b0c42e0b6fd3eeeeca7accf44b2b4bd71b834a047fcccb321413b046b93db335da6c4b626fae352ff40e6219aa1adcce871f80dd0a06d59ff1340bd0
Behavioral task
behavioral1
Sample: d8ababca584ba4feecd850a69aef231068e9e025d31afe75dbe681dbf5c2d5fd.exe
Resource: win7-20220715-en
Malware Config
Extracted
nworm
v0.3.8
win32update.duckdns.org:5553
xmrdjo.duckdns.org:5553
4f9c371b
Targets
Target: d8ababca584ba4feecd850a69aef231068e9e025d31afe75dbe681dbf5c2d5fd
Executes dropped EXE

Checks computer location settings
Looks up country code configured in the registry, likely geofence.