SMBWorm2

SMB worm with an LNK lure (Work_Report_2026.pdf.lnk). It downloads 3 payloads from 196.251.107.104 (11x06x2026_x64.exe, clp5.exe, rkx4.exe) and uses NetShareEnum and NetServerEnum for lateral movement. Global mutex: dsfdsoijbvoxiUHUokpoCVS9XVF848. ADMIN$ share traversal.

Threat Profile
Type Botnet
Programming Language C
C2 Protocol HTTP
First Seen 2026
Targets Global
Purpose / Capabilities
  • Worm/Downloader
No C2 servers have been identified for this family yet.

Research Reports (1)

Critical

SMBWorm2 Work_Report_2026 -- 196.251.107.104 Payload Server Downloads Three Separate EXEs, NetShareEnum NetServerEnum SMB Propagation, Global dsfdsoijbvoxiUHUokpoCVS9XVF848 Mutex, Work_Report_2026.pdf.lnk LNK Infection Vector | Critical

SMBWorm2 Work_Report_2026, PE32 x86, 174KB. Downloads three separate EXEs from the payload server 196.251.107.104. SMB propagation using NetShareEnum and NetServerEnum. Global dsfdsoijbvoxiUHUokpoCVS9XVF848 mutex. Work_Report_2026.pdf.lnk LNK infection.
