vobfus | 63ba0e5cd54b96e9b0fcebeb66e2dab5662c813c7ee7886f5f77912f1c0774de | Triage

Sharing

General

Target

7b8474a3424cff431e0afff8cf5bf4cc.zip
Size

83KB
Sample

240901-b6hrzayaqf
MD5

c1ddd7fbf18ffd57997280d52934b9cc
SHA1

e7c05f901c664c92204e28da07e4ff770b32e5ed
SHA256

63ba0e5cd54b96e9b0fcebeb66e2dab5662c813c7ee7886f5f77912f1c0774de
SHA512

c11dd14a950e7ebc910715abe551e77b5e521b15d03e91d8d4f2076ea73fe7278b652aad83b3bb3e0c93e83c4c5968a8ed144cb08187bc30ed53d6f8073a712c
SSDEEP

1536:wb+SLplYXqjJ8HRyVKSjyRCJy0+8ay6jRuzPOUESRRHiFS8A:mF6XqjJ+ywSuRB0+NBKqFG

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  bba873f28487d3f7eb53b66f2c2894d6041ed003b9c4ab4aab27e8cbfddf80c5
- Size
  
  204KB
- MD5
  
  7b8474a3424cff431e0afff8cf5bf4cc
- SHA1
  
  bf6a5344c0be5bd3cdae8af60ddeffb8ac63092c
- SHA256
  
  bba873f28487d3f7eb53b66f2c2894d6041ed003b9c4ab4aab27e8cbfddf80c5
- SHA512
  
  28cdd823a4b7986f8e70e48ce21e14b3760db0ea9809a2ca5fa96acd42e1c1100c991f3f384d79e1833d3141ea4bf79a7a51165eb0458a1e2b471e2f375a64c5
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm