vobfus | 6d8e25f525323dc38eb567690e61d57d3213c484f27b37b2182338f77fe5bfea | Triage

Sharing

General

Target

6d8e25f525323dc38eb567690e61d57d3213c484f27b37b2182338f77fe5bfea
Size

83KB
Sample

240831-v3cakawekd
MD5

8213ad7c46f0bca77407161acc6276cb
SHA1

2db6ac61b4caed04ac63f4cfde4d768d21ed2e06
SHA256

6d8e25f525323dc38eb567690e61d57d3213c484f27b37b2182338f77fe5bfea
SHA512

1dddf6dd3ac8dd2acaab6e37d19e2dfd07c37eb6c2e1d7822b93b86abfe85d320c1448617d1cc3087b335c034bd30aaaa43ae5bb01fa59e045bdcc1f087f8cba
SSDEEP

1536:1JoaP0XFcXKtBB6IdMckHn2B6XLBUh1GHvu1f3faxgQ0KL4eQPk1ebkPTE:ga8WKtBZ2fXkivu1vfSMKEeQPkEbkLE

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  9dfddc53804b8d14662802a06eb9fc90497d807022544962805efa4367a1ebb3
- Size
  
  200KB
- MD5
  
  cecc831c80b338264785bc4ef0ee95d7
- SHA1
  
  3e8fa0b4a0de1343bc3c354545fa4066a6a10614
- SHA256
  
  9dfddc53804b8d14662802a06eb9fc90497d807022544962805efa4367a1ebb3
- SHA512
  
  edc11f5b1f71d2ef05caba4cf733cf0046f8126a057ed0f25513383a26c35f3ea537d30a50201099ff383d5a369b7a3e942ef674ebda034f3ca329edec976ed5
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm