Overview

overview

10

Static

static

8

cbfb37aa80...39.exe

windows7_x64

cbfb37aa80...39.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cbfb37aa80241f13219dd80e61ffe320d10609a9eae2a3796586a10e676e3c39

  • Size

    219KB

  • Sample

    210903-k6r53schd2

  • MD5

    215175e7310531b9e424cb8ad6dc6058

  • SHA1

    0de615a9915c77cd6241fa95e7dfa36228ca04cc

  • SHA256

    cbfb37aa80241f13219dd80e61ffe320d10609a9eae2a3796586a10e676e3c39

  • SHA512

    33d8bae0aa511d553889cb30210a89bfc7e0f7a837463620583f9e78ed651d1394c3b5c15aeb31968a0b187d6a8c055ae16ce0c9dc1baf7dc33fc80b7843c312

Score
10/10
vobfuspersistenceupxworm

Malware Config

Targets

    • Target

      cbfb37aa80241f13219dd80e61ffe320d10609a9eae2a3796586a10e676e3c39

    • Size

      219KB

    • MD5

      215175e7310531b9e424cb8ad6dc6058

    • SHA1

      0de615a9915c77cd6241fa95e7dfa36228ca04cc

    • SHA256

      cbfb37aa80241f13219dd80e61ffe320d10609a9eae2a3796586a10e676e3c39

    • SHA512

      33d8bae0aa511d553889cb30210a89bfc7e0f7a837463620583f9e78ed651d1394c3b5c15aeb31968a0b187d6a8c055ae16ce0c9dc1baf7dc33fc80b7843c312

    Score
    10/10
    vobfuspersistenceworm

    • Vobfus

      A widespread worm which spreads via network drives and removable media.

      wormvobfus

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks