Overview

overview

10

Static

static

8

aa55ea84bf...ab.exe

windows7_x64

8

aa55ea84bf...ab.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aa55ea84bff6b246f2b64092be17ed94b8b3633490cd0b976d0099261dc57dab

  • Size

    220KB

  • Sample

    210515-1c1fd2a39j

  • MD5

    bd235c75a4c5229f828baa256f3ef50c

  • SHA1

    a49d0d253067757c5668118857cb40382348fc29

  • SHA256

    aa55ea84bff6b246f2b64092be17ed94b8b3633490cd0b976d0099261dc57dab

  • SHA512

    4a4935bd7efda5ecefa325086b974a471c5cf3e3e19af77b9e0e757f919142e578e1696fe7ac4fe731182d66e27bbc7c5b9d13b6319c206ec021d940347d033a

Score
10/10
vobfuspersistenceupxworm

Malware Config

Targets

    • Target

      aa55ea84bff6b246f2b64092be17ed94b8b3633490cd0b976d0099261dc57dab

    • Size

      220KB

    • MD5

      bd235c75a4c5229f828baa256f3ef50c

    • SHA1

      a49d0d253067757c5668118857cb40382348fc29

    • SHA256

      aa55ea84bff6b246f2b64092be17ed94b8b3633490cd0b976d0099261dc57dab

    • SHA512

      4a4935bd7efda5ecefa325086b974a471c5cf3e3e19af77b9e0e757f919142e578e1696fe7ac4fe731182d66e27bbc7c5b9d13b6319c206ec021d940347d033a

    Score
    10/10
    persistencevobfusworm

    • Vobfus

      A widespread worm which spreads via network drives and removable media.

      wormvobfus

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks