vobfus | aa778f939977b80f87a04747721eabaeae4ab5e09d5eb2178ee650f2c3f96dd6 | Triage

Submit
Reports

Overview

overview

Static

static

3

e9f7251adf...18.exe

windows7-x64

e9f7251adf...18.exe

windows10-2004-x64

Sharing

General

Target

e9f7251adf63ca905ff1423def163df5_JaffaCakes118
Size

220KB
Sample

240409-pelw7shh9y
MD5

e9f7251adf63ca905ff1423def163df5
SHA1

e2582bd560f0e7461d0c43b3b305f0365d7761e6
SHA256

aa778f939977b80f87a04747721eabaeae4ab5e09d5eb2178ee650f2c3f96dd6
SHA512

ee18284b5cba717cd57173f03381a4ed3d4c416375370d9c7415fcaa0c63396de4c7999c516a1dfd5ba69e7511898163273a73d6a8818eb10ae854557d69ab81
SSDEEP

1536:c3bsEIbdCdWMGEd/OUD4k3oAm0uKBBi58YpcJ/NsnXUIL6UwGug7LB7hrqH84Jao:Lby2GXFfYEWnEY6URBV/4O+L9VVpWvQ

Score

10^/10

vobfus persistence upx worm

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e9f7251adf63ca905ff1423def163df5_JaffaCakes118.exe

Resource

win7-20240221-en

vobfus persistence upx worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

e9f7251adf63ca905ff1423def163df5_JaffaCakes118.exe

Resource

win10v2004-20240226-en

vobfus persistence upx worm

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  e9f7251adf63ca905ff1423def163df5_JaffaCakes118
- Size
  
  220KB
- MD5
  
  e9f7251adf63ca905ff1423def163df5
- SHA1
  
  e2582bd560f0e7461d0c43b3b305f0365d7761e6
- SHA256
  
  aa778f939977b80f87a04747721eabaeae4ab5e09d5eb2178ee650f2c3f96dd6
- SHA512
  
  ee18284b5cba717cd57173f03381a4ed3d4c416375370d9c7415fcaa0c63396de4c7999c516a1dfd5ba69e7511898163273a73d6a8818eb10ae854557d69ab81
- SSDEEP
  
  1536:c3bsEIbdCdWMGEd/OUD4k3oAm0uKBBi58YpcJ/NsnXUIL6UwGug7LB7hrqH84Jao:Lby2GXFfYEWnEY6URBV/4O+L9VVpWvQ
Score

10^/10

vobfus persistence upx worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

vobfuspersistenceupxworm

behavioral2

vobfuspersistenceupxworm

© 2018-2024

Terms | Privacy