vobfus | 7312cd2724a53e4af84ca60e1da575434ddd6f0b8ad4477f2da38f0e9c5eab0d | Triage

Sharing

General

Target

7312cd2724a53e4af84ca60e1da575434ddd6f0b8ad4477f2da38f0e9c5eab0d
Size

318KB
Sample

210515-4kddpm6cx6
MD5

bbe3a778df4dcf19673c59aab55a8b0d
SHA1

c9ee96ea5ff173d651d6cd518efd1475e83e8baa
SHA256

7312cd2724a53e4af84ca60e1da575434ddd6f0b8ad4477f2da38f0e9c5eab0d
SHA512

df756e4aa50dca6cad76ea9cfa8de726bb52b99f04abc206011148f76de2541b97a7924b2d2e1b1338120d28c34cf345da15ad3e2377b9c42b88a32912173970

Score

10^/10

vobfus persistence worm

Malware Config

Targets

- Target
  
  7312cd2724a53e4af84ca60e1da575434ddd6f0b8ad4477f2da38f0e9c5eab0d
- Size
  
  318KB
- MD5
  
  bbe3a778df4dcf19673c59aab55a8b0d
- SHA1
  
  c9ee96ea5ff173d651d6cd518efd1475e83e8baa
- SHA256
  
  7312cd2724a53e4af84ca60e1da575434ddd6f0b8ad4477f2da38f0e9c5eab0d
- SHA512
  
  df756e4aa50dca6cad76ea9cfa8de726bb52b99f04abc206011148f76de2541b97a7924b2d2e1b1338120d28c34cf345da15ad3e2377b9c42b88a32912173970
Score

10^/10

vobfus persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vobfuspersistenceworm

behavioral2