vobfus | 7a13bd65ef7bc847300a6a516f45110b91070dae3adbcd7f33a28127248c11f0 | Triage

Sharing

General

Target

7a13bd65ef7bc847300a6a516f45110b91070dae3adbcd7f33a28127248c11f0
Size

1.9MB
Sample

210513-87t8danwln
MD5

432764bab736b9ae4d7f37e627b57b0d
SHA1

74697d0419728992d47b918aaf300995496f756b
SHA256

7a13bd65ef7bc847300a6a516f45110b91070dae3adbcd7f33a28127248c11f0
SHA512

3689d7905ee1045e7599cd59b7f50dab0d7e36ef3e5121d2ae3e00c838224bebb599ad080e24ed16907fb7b814f4513a51e3d558bfcac7cb6fd605f4cee5df93

Score

10^/10

vobfus persistence worm

Malware Config

Targets

- Target
  
  7a13bd65ef7bc847300a6a516f45110b91070dae3adbcd7f33a28127248c11f0
- Size
  
  1.9MB
- MD5
  
  432764bab736b9ae4d7f37e627b57b0d
- SHA1
  
  74697d0419728992d47b918aaf300995496f756b
- SHA256
  
  7a13bd65ef7bc847300a6a516f45110b91070dae3adbcd7f33a28127248c11f0
- SHA512
  
  3689d7905ee1045e7599cd59b7f50dab0d7e36ef3e5121d2ae3e00c838224bebb599ad080e24ed16907fb7b814f4513a51e3d558bfcac7cb6fd605f4cee5df93
Score

10^/10

vobfus persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfuspersistenceworm

behavioral2