Overview

overview

10

Static

static

10

d8ababca58...fd.exe

windows7-x64

10

d8ababca58...fd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d8ababca584ba4feecd850a69aef231068e9e025d31afe75dbe681dbf5c2d5fd

  • Size

    17KB

  • Sample

    220731-kebn1sgcc4

  • MD5

    c6ef22d341307db526ba8f5fe2a00d12

  • SHA1

    915e592739f6561fa871d0754f12a3a3d50153ee

  • SHA256

    d8ababca584ba4feecd850a69aef231068e9e025d31afe75dbe681dbf5c2d5fd

  • SHA512

    5b34ff33b0c42e0b6fd3eeeeca7accf44b2b4bd71b834a047fcccb321413b046b93db335da6c4b626fae352ff40e6219aa1adcce871f80dd0a06d59ff1340bd0

Score
10/10
hawkeyenwormdownloaderkeyloggerspywarestealertrojanworm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

win32update.duckdns.org:5553

xmrdjo.duckdns.org:5553
Mutex

4f9c371b

Targets

    • Target

      d8ababca584ba4feecd850a69aef231068e9e025d31afe75dbe681dbf5c2d5fd

    • Size

      17KB

    • MD5

      c6ef22d341307db526ba8f5fe2a00d12

    • SHA1

      915e592739f6561fa871d0754f12a3a3d50153ee

    • SHA256

      d8ababca584ba4feecd850a69aef231068e9e025d31afe75dbe681dbf5c2d5fd

    • SHA512

      5b34ff33b0c42e0b6fd3eeeeca7accf44b2b4bd71b834a047fcccb321413b046b93db335da6c4b626fae352ff40e6219aa1adcce871f80dd0a06d59ff1340bd0

    Score
    10/10
    hawkeyenwormdownloaderkeyloggerspywarestealertrojanworm

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

      keyloggertrojanstealerspywarehawkeye

    • NWorm

      A TrickBot module used to propagate to vulnerable domain controllers.

      wormdownloadernworm

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks