vobfus | 0230dcf3d44f603d9132a92b7639e37fef2c1e3b8d9b7d5664a667aee34ba224 | Triage

Sharing

General

Target

9b02f5e0824722223db8980678b52a48.zip
Size

83KB
Sample

240831-erhefavera
MD5

67bc1d232c12daaa43aaba1330597df8
SHA1

b55529a3fe694762f58b2268078ddd8352c9bb90
SHA256

0230dcf3d44f603d9132a92b7639e37fef2c1e3b8d9b7d5664a667aee34ba224
SHA512

8be3149a3521a96dc0557d4fa109637b6342652dde5553f2cc78cfddc885187700a13d9d8a472bf386a839107269b02cfd653985f7e2bd32d8fea1533af926c6
SSDEEP

1536:BdyJn/2nuxoLC5d8KOrTFlgGpxhkn8HtspZhBVN3W9LRfRfzfaNSr1L0O0:BEn/YuxzexTQehknyspZhBH3W91fdzfC

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  8a7c9af0feb64e3eec44d184e9818a8588d06513b6cfc417c073cbb4b988dea0
- Size
  
  204KB
- MD5
  
  9b02f5e0824722223db8980678b52a48
- SHA1
  
  cb50c2eaeabb17a89ad5a631345a79f2f24acc68
- SHA256
  
  8a7c9af0feb64e3eec44d184e9818a8588d06513b6cfc417c073cbb4b988dea0
- SHA512
  
  08641e16f001dc3816a1918ca276d6fb5d6dc0546440c488aa276f6cd1517d982ff0f8ddec88181fcc92c34920cd52aa21706be06c136c37e87ba36278557de2
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm