vobfus | 989cc6eb3a90d93d47cbdc78230e80508cd821f22d81ddc67765bdbad1d55713 | Triage

Sharing

General

Target

989cc6eb3a90d93d47cbdc78230e80508cd821f22d81ddc67765bdbad1d55713
Size

83KB
Sample

240831-v24y7awerq
MD5

0f2d6d4de720710bca2ad8958b779b33
SHA1

6a0f783ff3f60b067fe8e1502b39b9f76b12d5a8
SHA256

989cc6eb3a90d93d47cbdc78230e80508cd821f22d81ddc67765bdbad1d55713
SHA512

61209c887fd824978bcacf6068b5c9afb31e7fe69043541fb0d792457e5b2b12297dbf355d7097475ed2375eeb60e98a964938430e4162f6d0cdc34cc7b8dcde
SSDEEP

1536:KZZVlEmCOINbHi0O/dX+VTGmsqueYFFRveuhAGW2ci4o0CdxBz6TUDoMU8mT8v+u:SZsmCOsBOwfsquBNe5jKbs6oMU8cPu

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  1abf342c788256fea89a96426efba2979f5bba081ed706c95facbdbcb5209f14
- Size
  
  204KB
- MD5
  
  012cb17c3aa46fade44e80c2cb831e7e
- SHA1
  
  276e04e8442fd537dcde45ae80ba9c9dfd41957b
- SHA256
  
  1abf342c788256fea89a96426efba2979f5bba081ed706c95facbdbcb5209f14
- SHA512
  
  86529eefb5a3de6e6036c347acfedfffa447903e4a0ec449fcf5ab3210c105320999d1ebbefa81431f43dccf99f020fd8d61026384299b5c2758553c40d30b84
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm