vobfus | d23fd3391f543127b84dca44977bed1151549dadedca4b0b142e3b0ba0676d17 | Triage

Submit
Reports

Overview

overview

Static

static

d23fd3391f...17.exe

windows7-x64

d23fd3391f...17.exe

windows10-2004-x64

Sharing

General

Target

d23fd3391f543127b84dca44977bed1151549dadedca4b0b142e3b0ba0676d17
Size

143KB
Sample

230129-gftdnsca91
MD5

6443ead1a14aa075a711fb207d4e52b0
SHA1

843e35adf376be6ca6c9a16fb5025b8176c47d50
SHA256

d23fd3391f543127b84dca44977bed1151549dadedca4b0b142e3b0ba0676d17
SHA512

247ec64e023f30bb32752ccb853a3c2d8bccecb6d854db1b92ae3981229387182648f1db5d241e9c85c099db0d78a8e6aac04d99698b45088de2aa38fdb42481
SSDEEP

3072:oNpD5Iaa43WwkjuUUUUUv88AbbbMI8TqjFei7N6xpsz:qFIaa43WpjuUUUUUv88k8ej8iAPc

Score

10^/10

vobfus persistence upx worm

Static task

static1

Behavioral task

behavioral1

Sample

d23fd3391f543127b84dca44977bed1151549dadedca4b0b142e3b0ba0676d17.exe

Resource

win7-20220812-en

vobfus persistence upx worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

d23fd3391f543127b84dca44977bed1151549dadedca4b0b142e3b0ba0676d17.exe

Resource

win10v2004-20221111-en

vobfus persistence upx worm

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  d23fd3391f543127b84dca44977bed1151549dadedca4b0b142e3b0ba0676d17
- Size
  
  143KB
- MD5
  
  6443ead1a14aa075a711fb207d4e52b0
- SHA1
  
  843e35adf376be6ca6c9a16fb5025b8176c47d50
- SHA256
  
  d23fd3391f543127b84dca44977bed1151549dadedca4b0b142e3b0ba0676d17
- SHA512
  
  247ec64e023f30bb32752ccb853a3c2d8bccecb6d854db1b92ae3981229387182648f1db5d241e9c85c099db0d78a8e6aac04d99698b45088de2aa38fdb42481
- SSDEEP
  
  3072:oNpD5Iaa43WwkjuUUUUUv88AbbbMI8TqjFei7N6xpsz:qFIaa43WpjuUUUUUv88k8ej8iAPc
Score

10^/10

vobfus persistence upx worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

vobfuspersistenceupxworm

behavioral2

vobfuspersistenceupxworm

© 2018-2024

Terms | Privacy