vobfus | 3aae6e0384895349e46eaa61444c701c8c052af823b2fab5a11bb96fcf6362fa | Triage

Sharing

General

Target

3aae6e0384895349e46eaa61444c701c8c052af823b2fab5a11bb96fcf6362fa
Size

83KB
Sample

240831-pprv7stbpp
MD5

33eb11a7bf2e1bcb10508e7d43d9f81c
SHA1

3d99c226c9de61f86327d3650d2001f918211332
SHA256

3aae6e0384895349e46eaa61444c701c8c052af823b2fab5a11bb96fcf6362fa
SHA512

f063aa729f156093202f7ae2f26d6019b3b6ef67f1451aa1a1ff5731aad6907f6ff90e78d3b4231ad99f96e85b6e344d309c0f2a19f034be49a050b338f8050d
SSDEEP

1536:1K60wUq8QDTq6bgbXoT8OLi/NBO6lxUNpf1jgBXbvs/bYsidxVTq0J7Ni:1K6RUnQDtfTBLi/O6lxcjjo+sFxBtJ74

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  16cc455f3264931ad4ed9dba96987580d6dc69fbf132557492e4ccee0127cc52
- Size
  
  204KB
- MD5
  
  b3ebc5a8d4006c203f6fd68762071a4d
- SHA1
  
  f2f96fcf195bc828a38ceb1b6e51c820ef1103ff
- SHA256
  
  16cc455f3264931ad4ed9dba96987580d6dc69fbf132557492e4ccee0127cc52
- SHA512
  
  8690a259bd4ecd21c76850ac43db47e86056cff2c4dc4d008c2c12caecf5ae17a303236e44b4ba56add1a8da039d8cb0cfad12ed2653b3893e8e0fb0749fbfd2
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm