vobfus | 6ac6515ecb4eddfaef778983fef7d650d63828ef7763da3a51bbb48c51c5632b | Triage

Sharing

General

Target

6ac6515ecb4eddfaef778983fef7d650d63828ef7763da3a51bbb48c51c5632b
Size

83KB
Sample

240831-j4855stfqe
MD5

0534f90f4c8deca1b12590adb9246d0b
SHA1

e0ed1ec1425f7f330078af4ac9edd47d639862c9
SHA256

6ac6515ecb4eddfaef778983fef7d650d63828ef7763da3a51bbb48c51c5632b
SHA512

3bf4019ff03b17b67e6b0cfb75bd5c8b73a089d8a514409f3ce58a503d24f24ccfec1fa7d0fce13a26f3560d482e8c38d9716f0a72a73cc62fb1faa2fc49eee3
SSDEEP

1536:1jIWQfvKfOafhP3BRSiOCDyRvw6Rn3vRPUSViVmu5JN9xLt+EO7dKLnfjYi86YDG:ZILymuDy9ffRPZwb3xXKdW8nG

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  92df28c68ed5ad8ecaab2986d0379a76c31ba5937511dba2c7c2847589d5bf2e
- Size
  
  204KB
- MD5
  
  9da31c799423c6fdc3c45a753b03577d
- SHA1
  
  a6d1084fe6e6f81a07a54716d7674e061c9948db
- SHA256
  
  92df28c68ed5ad8ecaab2986d0379a76c31ba5937511dba2c7c2847589d5bf2e
- SHA512
  
  54b39f0619d1c8265c520f8587c12d99a65b34fd936b939d54d7a6a250051e3ffd90ab075aed7e2b14fc6fa9f7ef12ecb41b8ee5ab255d655800c4ada703f666
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm