vobfus | dca2d693bb63d56ea1dee1d52bb6136bb44a08a1dbfc52dafe3c87f100c16358 | Triage

Sharing

General

Target

dca2d693bb63d56ea1dee1d52bb6136bb44a08a1dbfc52dafe3c87f100c16358
Size

1.9MB
Sample

210513-19651cb8pn
MD5

b64d7ab790de37da9e74cf9b97b3268a
SHA1

cbc7cb85bd4809b51aaab44fa46a210eee088bf4
SHA256

dca2d693bb63d56ea1dee1d52bb6136bb44a08a1dbfc52dafe3c87f100c16358
SHA512

14476431b8fb92da7309000fd2fbcb434cb504285424579e51092e2e432a6337804d3a1039a78cde41bc0b1c0ef7d3b84f7adc60f1ac87766351cd81d1008d1a

Score

10^/10

vobfus persistence worm

Malware Config

Targets

- Target
  
  dca2d693bb63d56ea1dee1d52bb6136bb44a08a1dbfc52dafe3c87f100c16358
- Size
  
  1.9MB
- MD5
  
  b64d7ab790de37da9e74cf9b97b3268a
- SHA1
  
  cbc7cb85bd4809b51aaab44fa46a210eee088bf4
- SHA256
  
  dca2d693bb63d56ea1dee1d52bb6136bb44a08a1dbfc52dafe3c87f100c16358
- SHA512
  
  14476431b8fb92da7309000fd2fbcb434cb504285424579e51092e2e432a6337804d3a1039a78cde41bc0b1c0ef7d3b84f7adc60f1ac87766351cd81d1008d1a
Score

10^/10

vobfus persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vobfuspersistenceworm

behavioral2