vobfus | 97dc784986e8cfb8bf72598ba693ca0088b1d12f8ec8215acad433e4a08f9a2a | Triage

Submit
Reports

Overview

overview

Static

static

7

00cef7f4d9...9b.exe

windows7-x64

00cef7f4d9...9b.exe

windows10-2004-x64

Sharing

General

Target

97dc784986e8cfb8bf72598ba693ca0088b1d12f8ec8215acad433e4a08f9a2a
Size

93KB
Sample

240831-v26g1swfjl
MD5

88d3fa13bbf63db1267d088ce1b8f268
SHA1

cc931106ded6f89fd30139d0b81d50ba9f18fadf
SHA256

97dc784986e8cfb8bf72598ba693ca0088b1d12f8ec8215acad433e4a08f9a2a
SHA512

ac0e830ca0ce6a116085a93e37653294dd8e59b61d6eb68bd51416d170e0b8447723fe95b8f6c13c8474031b71adb3e3a0e81591a26b5dbcc18bbcf0c867db48
SSDEEP

1536:lmPHO35zMifZaJ1NVaL99/XgJt2KKXmKrefDNLSwDghi4qAFk3MUEG:9aJ1PaLPYJt2KKlefDzshIWk31

Score

10^/10

vobfus discovery persistence upx worm

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

00cef7f4d996791b82a9d1885afebd185e92174ab115a292167c6d55fd80e19b.exe

Resource

win7-20240704-en

vobfus discovery persistence upx worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

00cef7f4d996791b82a9d1885afebd185e92174ab115a292167c6d55fd80e19b.exe

Resource

win10v2004-20240802-en

vobfus discovery persistence upx worm

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  00cef7f4d996791b82a9d1885afebd185e92174ab115a292167c6d55fd80e19b
- Size
  
  224KB
- MD5
  
  b49e5cee6853409f78202e39674b5b2b
- SHA1
  
  46a5d8212427fca9cfad1dd00cd38a44fe1e30f9
- SHA256
  
  00cef7f4d996791b82a9d1885afebd185e92174ab115a292167c6d55fd80e19b
- SHA512
  
  5db759ec344a2568b0a7fa4bfcb5b758f8da1a73027fe28510a3c85facdff7c3975e4e44ffe948cdd3df72021f160842f347c3aeb93240d5c54faa7778136fcd
- SSDEEP
  
  3072:vHjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1jm0+J:Po/BHng5HaVG4G/1z+QVMbg1jv+
Score

10^/10

vobfus discovery persistence upx worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceupxworm

behavioral2

vobfusdiscoverypersistenceupxworm

© 2018-2025

Terms | Privacy