N-W0rm analysis (Part 1) - SECUINFRA
Tags
| attack-pattern: | Malware - T1587.001 Malware - T1588.001 Powershell - T1059.001 Python - T1059.006 Powershell - T1086 |
Common Information
| Type | Value |
|---|---|
| UUID | 6f079fe2-9ad6-4f9f-87e3-70f8c9334f5f |
| Fingerprint | 860820c50fa40ba7 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Feb. 1, 2022, 9:18 a.m. |
| Added to db | Sept. 26, 2022, 9:34 a.m. |
| Last updated | Nov. 14, 2024, 2:04 p.m. |
| Headline | N-W0rm analysis (Part 1) |
| Title | N-W0rm analysis (Part 1) - SECUINFRA |
| Detected Hints/Tags/Attributes | 29/1/17 |
Source URLs
| Redirection | Url | |
|---|---|---|
| Details | Source | https://www.secuinfra.com/en/techtalk/n-w0rm-analysis-part-1/ |
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 93 | bazaar.abuse.ch |
|
| Details | Domain | 372 | wscript.shell |
|
| Details | File | 1 | rilsxdkopjhn.txt |
|
| Details | File | 1 | sssssshsjsjsa.txt |
|
| Details | File | 1 | 1b976a1fa26c4118d09cd6b1eaeceafccc783008c22da58d6f5b1b3019fa1ba4.vbs |
|
| Details | File | 1 | first_pe.exe |
|
| Details | File | 1 | second_pe.exe |
|
| Details | md5 | 1 | 3d8ff7f298f64d9150a11e61dcbfd87b |
|
| Details | md5 | 1 | 9ce8d6f136b95fab140bc8904666003a |
|
| Details | md5 | 1 | e04e4cb7e410b885babba54cd59d5ae9 |
|
| Details | md5 | 1 | 83dc22a1493e609b8b16f732e909418f |
|
| Details | md5 | 1 | 08587e04a2196aa97a0f939812229d2d |
|
| Details | sha256 | 1 | 1b976a1fa26c4118d09cd6b1eaeceafccc783008c22da58d6f5b1b3019fa1ba4 |
|
| Details | IPv4 | 1 | 15.188.246.78 |
|
| Details | Url | 1 | https://bazaar.abuse.ch/sample/1b976a1fa26c4118d09cd6b1eaeceafccc783008c22da58d6f5b1b3019fa1ba4 |
|
| Details | Url | 1 | http://15.188.246.78/q/sssssshsjsjsa.txt |
|
| Details | Url | 1 | http://15.188.246.78/q/rilsxdkopjhn.txt |