vobfus | 668e05aec571b37a3264360dc74f319911f8348d1e8b2dfa81c5a12c85b81e9a | Triage

Sharing

General

Target

668e05aec571b37a3264360dc74f319911f8348d1e8b2dfa81c5a12c85b81e9a
Size

1.9MB
Sample

220324-sgqvqaaff3
MD5

0457382e24ec8bff4b3cba1513e4e22c
SHA1

f2af0946d9dcb846c9db1351e193ed3e79d71a3f
SHA256

668e05aec571b37a3264360dc74f319911f8348d1e8b2dfa81c5a12c85b81e9a
SHA512

414f4acce1adae76ca1a0a4001dc0a0acdc13255846625a2cf20e5ed17df22f2fa8ba3b14aa4056a9c4990ff8512d1ad2b3c77b6a07f781eda86f17a5f23f3f0

Score

10^/10

vobfus persistence worm

Malware Config

Targets

- Target
  
  668e05aec571b37a3264360dc74f319911f8348d1e8b2dfa81c5a12c85b81e9a
- Size
  
  1.9MB
- MD5
  
  0457382e24ec8bff4b3cba1513e4e22c
- SHA1
  
  f2af0946d9dcb846c9db1351e193ed3e79d71a3f
- SHA256
  
  668e05aec571b37a3264360dc74f319911f8348d1e8b2dfa81c5a12c85b81e9a
- SHA512
  
  414f4acce1adae76ca1a0a4001dc0a0acdc13255846625a2cf20e5ed17df22f2fa8ba3b14aa4056a9c4990ff8512d1ad2b3c77b6a07f781eda86f17a5f23f3f0
Score

10^/10

vobfus persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfuspersistenceworm

behavioral2

vobfuspersistenceworm