vobfus | f9190e5f8c1f428b890e0b7992b6e7e42dbeb84f736d455054aa09f3aa82c75b | Triage

Sharing

General

Target

0ab5819896f72ee79caa5ef2ec19576f.zip
Size

83KB
Sample

240831-ta6g9ssckr
MD5

eb1cbd2ac15f2d21ae6141dc58782e07
SHA1

0601a53c483ce9b6404ce369c91ebff2a65a4143
SHA256

f9190e5f8c1f428b890e0b7992b6e7e42dbeb84f736d455054aa09f3aa82c75b
SHA512

d73fa647b0a9edc798a317d97dca660036d63864778c25c7bf922dbb168e383ebe73b16f166431da6faef6f4068e548e7c22e507b4d35a6f3a8b4f123e1f1731
SSDEEP

1536:WZnutNAMrXYh+rLAtS5IKSCd7ruW1WguUvDFpsuC3FNmGskx8sS6fwLBx:OnhorLAtS5+CdTlp2mK8KQH

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  be95b98a071c3a40aa009cb63740cc3ab67721a4b420e0c587303f13f8fd4368
- Size
  
  200KB
- MD5
  
  0ab5819896f72ee79caa5ef2ec19576f
- SHA1
  
  c16f2b050be087816be596c698225d2afaf8752c
- SHA256
  
  be95b98a071c3a40aa009cb63740cc3ab67721a4b420e0c587303f13f8fd4368
- SHA512
  
  4b4a76783f680b2a0a1ffdc04413387fc9949d15d27dac92b0b04bf9fd3659c4a780d06297867c89ae164cb0f34fcb5ee37b6f81360a3d46f02452e72dcad2be
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm