Overview

overview

10

Static

static

16f77c00ed...34.exe

windows7_x64

10

16f77c00ed...34.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    16f77c00ed4455bebb230fcdc52a041509ea666b2bb55b1eadf4e1c8ff8d2a34

  • Size

    1.4MB

  • Sample

    210515-v9dr8c2t7j

  • MD5

    b6f25d7d801922e3b8b9ddaa8a6d96fa

  • SHA1

    09496c08bba40755cd6e8440696d5d6209acc9a2

  • SHA256

    16f77c00ed4455bebb230fcdc52a041509ea666b2bb55b1eadf4e1c8ff8d2a34

  • SHA512

    886643340c02607074dfe5e574244ae7498ca87d73da43ed3d83166c99b45da43e9c998de29e3c04fe3c55a790bd10b2dafac281e432eaaaf440f92c6ec403da

Score
10/10
vobfuspersistenceworm

Malware Config

Targets

    • Target

      16f77c00ed4455bebb230fcdc52a041509ea666b2bb55b1eadf4e1c8ff8d2a34

    • Size

      1.4MB

    • MD5

      b6f25d7d801922e3b8b9ddaa8a6d96fa

    • SHA1

      09496c08bba40755cd6e8440696d5d6209acc9a2

    • SHA256

      16f77c00ed4455bebb230fcdc52a041509ea666b2bb55b1eadf4e1c8ff8d2a34

    • SHA512

      886643340c02607074dfe5e574244ae7498ca87d73da43ed3d83166c99b45da43e9c998de29e3c04fe3c55a790bd10b2dafac281e432eaaaf440f92c6ec403da

    Score
    10/10
    vobfuspersistenceworm

    • Vobfus

      A widespread worm which spreads via network drives and removable media.

      wormvobfus

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks