vobfus | aeca6bcf2db969cb99ee3819cba054507effe800e24c8db41bb5a29a24a89102 | Triage

Sharing

General

Target

aeca6bcf2db969cb99ee3819cba054507effe800e24c8db41bb5a29a24a89102
Size

1.4MB
Sample

210515-k194vptxca
MD5

90b03eb797256517546b9cbbe3113f9c
SHA1

f7028ca655cd4507bd37988c8ed4083af7310ef1
SHA256

aeca6bcf2db969cb99ee3819cba054507effe800e24c8db41bb5a29a24a89102
SHA512

5591d2a9dcbdbf69c0fb794bca2c89f30100f0c91a858f140c97f8a2b566a06b3bd8c8c5189926c9eb637822d2778dd468d7f5b4d571238be2fdeaeca827c85f

Score

10^/10

vobfus persistence worm

Malware Config

Targets

- Target
  
  aeca6bcf2db969cb99ee3819cba054507effe800e24c8db41bb5a29a24a89102
- Size
  
  1.4MB
- MD5
  
  90b03eb797256517546b9cbbe3113f9c
- SHA1
  
  f7028ca655cd4507bd37988c8ed4083af7310ef1
- SHA256
  
  aeca6bcf2db969cb99ee3819cba054507effe800e24c8db41bb5a29a24a89102
- SHA512
  
  5591d2a9dcbdbf69c0fb794bca2c89f30100f0c91a858f140c97f8a2b566a06b3bd8c8c5189926c9eb637822d2778dd468d7f5b4d571238be2fdeaeca827c85f
Score

10^/10

persistence vobfus worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

vobfuspersistenceworm