vobfus | df3397ad00e3bf8339f0ee843302a86148a6651f27a2721a798862fad2be8597 | Triage

Sharing

General

Target

df3397ad00e3bf8339f0ee843302a86148a6651f27a2721a798862fad2be8597
Size

83KB
Sample

240831-c7grqs1fka
MD5

c4a2cdd3982c374a45377792a3241cc0
SHA1

80c132cf633acb2b64ac672251165d5b42db7592
SHA256

df3397ad00e3bf8339f0ee843302a86148a6651f27a2721a798862fad2be8597
SHA512

8e139185c908d1be6da5cdff97c4e263a8cb4fa50f5796601c75901498b8f9ac8d54947d0fd07ebc6913c56beac0b1f6dd24c5eaf7c72989de81274f849a606e
SSDEEP

1536:DhaheUI/FXWsvaEX2yMxw+QWjmR9q4Sh2hht+1ipdTKOqmil2:VKed9XWsPExTAHq4SM2yRqNg

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  78f1437e6e579e0d877095d8480e1b94e751ed9fd90228dae065fa7960decbe1
- Size
  
  204KB
- MD5
  
  570a87689b233a07f3caeb035c996015
- SHA1
  
  c96abacd312c98104f80741ebb6b3d273d3e674a
- SHA256
  
  78f1437e6e579e0d877095d8480e1b94e751ed9fd90228dae065fa7960decbe1
- SHA512
  
  bd0cef71d7bd18b46b4dbc0f7ddf7212051e2432f74767a89f1fd5c2bfc241eaf8edf54d8c57b97e0cef6678b47807ad670f3aace53551c454c693b5a2435fbb
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm