vobfus | 6d2b00d56bca61d337f2a1e369c5ff63b8bb4a7a9169a736cc6c4c2d1d1a1290 | Triage

Sharing

General

Target

6d2b00d56bca61d337f2a1e369c5ff63b8bb4a7a9169a736cc6c4c2d1d1a1290
Size

1.9MB
Sample

210513-447q14msjj
MD5

b9c4f4251fb7ae8d9770687b547bf3d8
SHA1

87951166d2804b525d2b652bf5043cf5b4285456
SHA256

6d2b00d56bca61d337f2a1e369c5ff63b8bb4a7a9169a736cc6c4c2d1d1a1290
SHA512

f4c7c0d6faa7b5b888b17a5a3afaaa1d65394448eaaf14e5cf33d6db1be73015e709c37457983c17afc0005bc64c23095939d62b616b6359905b2492355cad30

Score

10^/10

vobfus persistence worm

Malware Config

Targets

- Target
  
  6d2b00d56bca61d337f2a1e369c5ff63b8bb4a7a9169a736cc6c4c2d1d1a1290
- Size
  
  1.9MB
- MD5
  
  b9c4f4251fb7ae8d9770687b547bf3d8
- SHA1
  
  87951166d2804b525d2b652bf5043cf5b4285456
- SHA256
  
  6d2b00d56bca61d337f2a1e369c5ff63b8bb4a7a9169a736cc6c4c2d1d1a1290
- SHA512
  
  f4c7c0d6faa7b5b888b17a5a3afaaa1d65394448eaaf14e5cf33d6db1be73015e709c37457983c17afc0005bc64c23095939d62b616b6359905b2492355cad30
Score

10^/10

vobfus persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfuspersistenceworm

behavioral2

vobfuspersistenceworm