Overview

overview

10

Static

static

2d40b0c719...57.exe

windows7_x64

10

2d40b0c719...57.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2d40b0c719c41993c83d9142c614df4b43fbb2f6052d38375a3e1fa2133d5557

  • Size

    228KB

  • Sample

    220614-yrlawaafhp

  • MD5

    a3129933e45dfe59ed907900f29bc9e6

  • SHA1

    a5e2982befb8bf75988d4dfd1524ecc9c0426f80

  • SHA256

    2d40b0c719c41993c83d9142c614df4b43fbb2f6052d38375a3e1fa2133d5557

  • SHA512

    9ba0cf4bab366a2742570d70a11d5199d1e19c43cd36652ecd0948c6a47ff97101f821a90d607ed34f8b0ca51172246da6c264a42f5acf15a64dabf7ae3c5c21

Score
10/10
vobfuspersistencesuricataworm

Malware Config

Targets

    • Target

      2d40b0c719c41993c83d9142c614df4b43fbb2f6052d38375a3e1fa2133d5557

    • Size

      228KB

    • MD5

      a3129933e45dfe59ed907900f29bc9e6

    • SHA1

      a5e2982befb8bf75988d4dfd1524ecc9c0426f80

    • SHA256

      2d40b0c719c41993c83d9142c614df4b43fbb2f6052d38375a3e1fa2133d5557

    • SHA512

      9ba0cf4bab366a2742570d70a11d5199d1e19c43cd36652ecd0948c6a47ff97101f821a90d607ed34f8b0ca51172246da6c264a42f5acf15a64dabf7ae3c5c21

    Score
    10/10
    vobfuspersistencesuricataworm

    • Vobfus

      A widespread worm which spreads via network drives and removable media.

      wormvobfus

    • suricata: ET MALWARE BlackshadesRAT Reporting

      suricata: ET MALWARE BlackshadesRAT Reporting

      suricata

    • Adds policy Run key to start application

      persistence

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks