vobfus | 58c1e3ccd405a65d046a6d3d8e235fb2175d72e5966d94a5340e7d18ee406c1f | Triage

Sharing

General

Target

04bdcfaf1056e3804c27da6e01f767fa.zip
Size

83KB
Sample

240901-ndt1razblg
MD5

705f6832605ba6cd85f8ec6b729b0bf6
SHA1

dda5ded9b0daef77600996e3db3b5d7dca00ab1b
SHA256

58c1e3ccd405a65d046a6d3d8e235fb2175d72e5966d94a5340e7d18ee406c1f
SHA512

b79330b69422e560a7a16476e65e117973b43af506af747eb5d9dd798e9a60ab925113818deb16144825556ea556a5b467e6a33d5e674f8068d6466e2875d3eb
SSDEEP

1536:RjwHI7W9NF61kLdGrRx56UNW2LOPDFwPWk832X2WaktbXR/NKzNPO/eastXs0sW:tHMNKkLwbpNW2Le6PWpGXB54Ju7st/

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  ed7662c5bfa5fbf91743927533ce85f050ae4e3485316ee4c97923605eb13e0a
- Size
  
  204KB
- MD5
  
  04bdcfaf1056e3804c27da6e01f767fa
- SHA1
  
  c84b6b8f4687f6701417ca669c396bb0b64e4d15
- SHA256
  
  ed7662c5bfa5fbf91743927533ce85f050ae4e3485316ee4c97923605eb13e0a
- SHA512
  
  149079fda42d4ed295a4c1d1e9111c7f5cd5ef14c0cc0e4f097ca1c58e384fdef0ec3589c194185055b79a2d0a5bcee7ae0723294f9eeee2c173681644dca549
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm