Overview

overview

10

Static

static

ac920cc8aa...61.exe

windows7_x64

10

ac920cc8aa...61.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ac920cc8aa80e0b03c8fbaabac1ae1102c8da31e1f73f9d56b98803cbfc2a561

  • Size

    1.9MB

  • Sample

    210515-bbe4dxkmre

  • MD5

    bf39e5c7d11b155c77de71d7c1b66d16

  • SHA1

    d9caa9e32d4f2894df72e2e62319043428834011

  • SHA256

    ac920cc8aa80e0b03c8fbaabac1ae1102c8da31e1f73f9d56b98803cbfc2a561

  • SHA512

    2cca235d75521ec19f688ea0e152c4fa62bcc70e0d0d6e3343fdd6c0d8ea612424593dc94a881bc2c0611305599f124d50aca1bc2220b89795c4fb2d12038db1

Score
10/10
vobfuspersistenceworm

Malware Config

Targets

    • Target

      ac920cc8aa80e0b03c8fbaabac1ae1102c8da31e1f73f9d56b98803cbfc2a561

    • Size

      1.9MB

    • MD5

      bf39e5c7d11b155c77de71d7c1b66d16

    • SHA1

      d9caa9e32d4f2894df72e2e62319043428834011

    • SHA256

      ac920cc8aa80e0b03c8fbaabac1ae1102c8da31e1f73f9d56b98803cbfc2a561

    • SHA512

      2cca235d75521ec19f688ea0e152c4fa62bcc70e0d0d6e3343fdd6c0d8ea612424593dc94a881bc2c0611305599f124d50aca1bc2220b89795c4fb2d12038db1

    Score
    10/10
    vobfuspersistenceworm

    • Vobfus

      A widespread worm which spreads via network drives and removable media.

      wormvobfus

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks