Overview

overview

10

Static

static

580fdf8c04...dd.exe

windows7_x64

8

580fdf8c04...dd.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    580fdf8c04a442a09682df59510faddd0e143fc3246ac70929668507a0179add

  • Size

    445KB

  • Sample

    210515-naslxq1gkj

  • MD5

    bf7da8c262fc121a36856c3457d07bd2

  • SHA1

    ed632ad0745f0ac15e09684e37543541d466ee8c

  • SHA256

    580fdf8c04a442a09682df59510faddd0e143fc3246ac70929668507a0179add

  • SHA512

    21dd97799cb8dfc3b1212ca37c66e1007d7961f4fd9507e4196e6d0cef29fc91aa8a97138818ce06ad38eb9ede6926e69c42a103795f20eb950a0bb84d93da08

Score
10/10
vobfuspersistenceworm

Malware Config

Targets

    • Target

      580fdf8c04a442a09682df59510faddd0e143fc3246ac70929668507a0179add

    • Size

      445KB

    • MD5

      bf7da8c262fc121a36856c3457d07bd2

    • SHA1

      ed632ad0745f0ac15e09684e37543541d466ee8c

    • SHA256

      580fdf8c04a442a09682df59510faddd0e143fc3246ac70929668507a0179add

    • SHA512

      21dd97799cb8dfc3b1212ca37c66e1007d7961f4fd9507e4196e6d0cef29fc91aa8a97138818ce06ad38eb9ede6926e69c42a103795f20eb950a0bb84d93da08

    Score
    10/10
    persistencevobfusworm

    • Vobfus

      A widespread worm which spreads via network drives and removable media.

      wormvobfus

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks