Overview

overview

10

Static

static

e6817b5b8e...ca.exe

windows7_x64

10

e6817b5b8e...ca.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e6817b5b8eeb25f67072d405df7b5955cd69f77b9d64688a86cfcfd235c0c8ca

  • Size

    445KB

  • Sample

    210515-kb1xfhlbt2

  • MD5

    b90200f4c155dae5f6460839fe6917fa

  • SHA1

    c0bcdc5429dcb3a07400884f73dfe3da3e679198

  • SHA256

    e6817b5b8eeb25f67072d405df7b5955cd69f77b9d64688a86cfcfd235c0c8ca

  • SHA512

    adfdf8c6a8056109bf781a9973c370c26c3f5ba7a84326d0baa96da5a738133a549187817db859d3c9aa075bc934fd5ff59720957160d4db52dec85e26d1e79a

Score
10/10
vobfuspersistenceworm

Malware Config

Targets

    • Target

      e6817b5b8eeb25f67072d405df7b5955cd69f77b9d64688a86cfcfd235c0c8ca

    • Size

      445KB

    • MD5

      b90200f4c155dae5f6460839fe6917fa

    • SHA1

      c0bcdc5429dcb3a07400884f73dfe3da3e679198

    • SHA256

      e6817b5b8eeb25f67072d405df7b5955cd69f77b9d64688a86cfcfd235c0c8ca

    • SHA512

      adfdf8c6a8056109bf781a9973c370c26c3f5ba7a84326d0baa96da5a738133a549187817db859d3c9aa075bc934fd5ff59720957160d4db52dec85e26d1e79a

    Score
    10/10
    vobfuspersistenceworm

    • Vobfus

      A widespread worm which spreads via network drives and removable media.

      wormvobfus

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks