nworm | 5fabb2bb7a4b5d30e340ee071663d9e221bc6ba3328cf13368996051c9d67721 | Triage

Sharing

General

Target

abd27e2a444507435b20c67464936014
Size

21KB
Sample

231227-k5rsxshdap
MD5

abd27e2a444507435b20c67464936014
SHA1

2b9daae5133ce4b4757b1a0a9a7d5b52d0f6611e
SHA256

5fabb2bb7a4b5d30e340ee071663d9e221bc6ba3328cf13368996051c9d67721
SHA512

4555dbf2c9066d0bbed9f72bf9ac56ffbe409839669d5be38efe436bb32dc760f17d57c455ff74b394f7aefabd8872a9e52c036e1005e4447d0d5e7beb0a6750
SSDEEP

384:Iv4dxX5EOddFNuYd79l+JUUo+BoUy5i8Y/TIC/TaQ:IgTeOddFkYd79cJUUo+qRDYrPuQ

Score

10^/10

nworm downloader worm

Malware Config

Extracted

Family

nworm

Version

v0.3.8

C2

publicvm.camdvr.org:1933

Mutex

9c719311

Targets

- Target
  
  abd27e2a444507435b20c67464936014
- Size
  
  21KB
- MD5
  
  abd27e2a444507435b20c67464936014
- SHA1
  
  2b9daae5133ce4b4757b1a0a9a7d5b52d0f6611e
- SHA256
  
  5fabb2bb7a4b5d30e340ee071663d9e221bc6ba3328cf13368996051c9d67721
- SHA512
  
  4555dbf2c9066d0bbed9f72bf9ac56ffbe409839669d5be38efe436bb32dc760f17d57c455ff74b394f7aefabd8872a9e52c036e1005e4447d0d5e7beb0a6750
- SSDEEP
  
  384:Iv4dxX5EOddFNuYd79l+JUUo+BoUy5i8Y/TIC/TaQ:IgTeOddFkYd79cJUUo+qRDYrPuQ
Score

10^/10

nworm downloader worm
- NWorm
  A TrickBot module used to propagate to vulnerable domain controllers.
  worm downloader nworm
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

nwormdownloaderworm