Overview

overview

10

Static

static

a1d8571eed...7d.exe

windows7_x64

10

a1d8571eed...7d.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a1d8571eed33e3a4390fde4c63f63162d266ae73d4fae0ee99b57d2e5f09927d

  • Size

    571KB

  • Sample

    210515-nrqrzhek76

  • MD5

    c994ccc21209b0495c74d5db187b2244

  • SHA1

    66c9aaaef690c829eed7b0780ead3ac3c0759b19

  • SHA256

    a1d8571eed33e3a4390fde4c63f63162d266ae73d4fae0ee99b57d2e5f09927d

  • SHA512

    fa112f5acadcd2688d7aae20935b5bd1f08adfb9c778d996b7b5e128a91fad8c9af1e97206d1ea2c36a4ed7cb98a8eeb64c9183a5161ed5da3925ba573876cf5

Score
10/10
vobfuspersistenceworm

Malware Config

Targets

    • Target

      a1d8571eed33e3a4390fde4c63f63162d266ae73d4fae0ee99b57d2e5f09927d

    • Size

      571KB

    • MD5

      c994ccc21209b0495c74d5db187b2244

    • SHA1

      66c9aaaef690c829eed7b0780ead3ac3c0759b19

    • SHA256

      a1d8571eed33e3a4390fde4c63f63162d266ae73d4fae0ee99b57d2e5f09927d

    • SHA512

      fa112f5acadcd2688d7aae20935b5bd1f08adfb9c778d996b7b5e128a91fad8c9af1e97206d1ea2c36a4ed7cb98a8eeb64c9183a5161ed5da3925ba573876cf5

    Score
    10/10
    vobfuspersistenceworm

    • Vobfus

      A widespread worm which spreads via network drives and removable media.

      wormvobfus

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks