vobfus | dba4c1ef7ffd8e9d819faec504117c36f8a47b63fd5c9afa3bad73c21b5cada8 | Triage

Sharing

General

Target

dba4c1ef7ffd8e9d819faec504117c36f8a47b63fd5c9afa3bad73c21b5cada8
Size

83KB
Sample

240831-v25wgswfjj
MD5

f5568c29e8f3e343a889c7371ae64c48
SHA1

d4457366898942df01d5788ca2ff0e6144838639
SHA256

dba4c1ef7ffd8e9d819faec504117c36f8a47b63fd5c9afa3bad73c21b5cada8
SHA512

0fe3fd4e776353941a2fc131f0b4f8e1b2ff8d05b3a642af104aa45c70a34a23b308e032f8e6be9125caaf9b5b675334cdc5de841e7a436b6567ac8e3b76fcd9
SSDEEP

1536:Nahq0vIqdhdWNc57nAJ/DMlJi/EjrXefCivwymeLd/ymSRHAweUUuSHp5mFVa:Nahq0wIplsuv1arJ/G9A5UUuO5t

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  294b0494baf481b0ca707436f22e26ec26902fdb12b3cb91e31dc2ea52e26720
- Size
  
  204KB
- MD5
  
  b74bd0eaf068f5f5a0e9b6d47fb10bc8
- SHA1
  
  7dc822ac335921591f28cd0fe9d557e92326ddf2
- SHA256
  
  294b0494baf481b0ca707436f22e26ec26902fdb12b3cb91e31dc2ea52e26720
- SHA512
  
  7d6eb7ec57d2964924c90284a8f438cd0e5c599c5063f0459a2c32b43d6f50826e0b253a2d7db9476ee9ef797d3081ccac2485a305dad1e257a670aaa9d133a7
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm