vobfus | 61b3358a59cdcc658e27e744bcbfd05e94b84a98a647fc2740e8817848ca93bd | Triage

Sharing

General

Target

61b3358a59cdcc658e27e744bcbfd05e94b84a98a647fc2740e8817848ca93bd
Size

445KB
Sample

210515-thwa2jg4lx
MD5

72ccd8fbf367d1e559d72e357180ee27
SHA1

fde73bb07b4b02bc5d2bb47774c845035c775a41
SHA256

61b3358a59cdcc658e27e744bcbfd05e94b84a98a647fc2740e8817848ca93bd
SHA512

6bf3e841de5a3593fd727712f8f18b3ccfe55c50b8d4b5114074242c7408a696a259f0c0a612325832a6e91806aab19927445d1c5ef6fb2bde8ddbe1014cb8f3

Score

10^/10

vobfus persistence worm

Malware Config

Targets

- Target
  
  61b3358a59cdcc658e27e744bcbfd05e94b84a98a647fc2740e8817848ca93bd
- Size
  
  445KB
- MD5
  
  72ccd8fbf367d1e559d72e357180ee27
- SHA1
  
  fde73bb07b4b02bc5d2bb47774c845035c775a41
- SHA256
  
  61b3358a59cdcc658e27e744bcbfd05e94b84a98a647fc2740e8817848ca93bd
- SHA512
  
  6bf3e841de5a3593fd727712f8f18b3ccfe55c50b8d4b5114074242c7408a696a259f0c0a612325832a6e91806aab19927445d1c5ef6fb2bde8ddbe1014cb8f3
Score

10^/10

vobfus persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vobfuspersistenceworm

behavioral2