vobfus | 8301b0a6fd1f48adcf0a61ce61c115454a98fb05fea84cc4f9838c96f34e1282 | Triage

Sharing

General

Target

9b2d36dbc697798c6f48b2117abbdf90N.exe
Size

212KB
Sample

240802-nvr8gswemr
MD5

9b2d36dbc697798c6f48b2117abbdf90
SHA1

a4b3dcf222cc7e8e0d4179d5c220d632b01fd244
SHA256

8301b0a6fd1f48adcf0a61ce61c115454a98fb05fea84cc4f9838c96f34e1282
SHA512

436168bc7780efc56bbf0305409e75235ef9088aeeaf369dda24d30e75ee52107be10cfa4f6df9a6c5f4dd101b63c5b3cc0d7931921ea712e251dbe964296e3c
SSDEEP

3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  9b2d36dbc697798c6f48b2117abbdf90N.exe
- Size
  
  212KB
- MD5
  
  9b2d36dbc697798c6f48b2117abbdf90
- SHA1
  
  a4b3dcf222cc7e8e0d4179d5c220d632b01fd244
- SHA256
  
  8301b0a6fd1f48adcf0a61ce61c115454a98fb05fea84cc4f9838c96f34e1282
- SHA512
  
  436168bc7780efc56bbf0305409e75235ef9088aeeaf369dda24d30e75ee52107be10cfa4f6df9a6c5f4dd101b63c5b3cc0d7931921ea712e251dbe964296e3c
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm