Overview

overview

10

Static

static

8

bcbc1b2606...30.exe

windows7_x64

10

bcbc1b2606...30.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bcbc1b260673aaaac9d0c2950e59d821048623ba5678741f7bd904edeeebba30

  • Size

    1.1MB

  • Sample

    210515-2chln1kls2

  • MD5

    be1f2e12d43c0ed6dca9241045f19194

  • SHA1

    a08e3c47a45ddc067e9c7b59215c104d6bcbde88

  • SHA256

    bcbc1b260673aaaac9d0c2950e59d821048623ba5678741f7bd904edeeebba30

  • SHA512

    d8d4c5220e8a031cfa294548cbfff82247862837e9562f1aa4f5cb1012b15fdcc944ad0298a8974aa9a9ca8bceaf3f2726c6121141db76217d80263eb4e5fbe6

Score
10/10
vobfuspersistenceupxworm

Malware Config

Targets

    • Target

      bcbc1b260673aaaac9d0c2950e59d821048623ba5678741f7bd904edeeebba30

    • Size

      1.1MB

    • MD5

      be1f2e12d43c0ed6dca9241045f19194

    • SHA1

      a08e3c47a45ddc067e9c7b59215c104d6bcbde88

    • SHA256

      bcbc1b260673aaaac9d0c2950e59d821048623ba5678741f7bd904edeeebba30

    • SHA512

      d8d4c5220e8a031cfa294548cbfff82247862837e9562f1aa4f5cb1012b15fdcc944ad0298a8974aa9a9ca8bceaf3f2726c6121141db76217d80263eb4e5fbe6

    Score
    10/10
    vobfuspersistenceworm

    • Vobfus

      A widespread worm which spreads via network drives and removable media.

      wormvobfus

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks