vobfus | 7934fec97cf87b272a132b5540d73a10ddaac7f8fe65ae0f606eabd9cf1d9c6d | Triage

Sharing

General

Target

5feb559ece12fa1508873bf531112884.zip
Size

83KB
Sample

240901-p1n9fs1ckp
MD5

6fe8e44e4411404dc0b86d80ef292bff
SHA1

d6d51071483dbc8c2e3f3f83565c5c29de39c2db
SHA256

7934fec97cf87b272a132b5540d73a10ddaac7f8fe65ae0f606eabd9cf1d9c6d
SHA512

eea48fa6c6041bd1595378185a8873d308789fbdd59936deb9f95be8646a927f1267c50fb9c50ae83bb21342030220b897ec47b58db0e9229b350cee74d9d5ff
SSDEEP

1536:+EdC/qhGOpkJLU4XXl9EN5EvfpZn8unlXfs1cN7m6ggTZb/ds5:tCyhGOG7XcqxlXfs1ogUbls5

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  164f5d77e96208abd1a54db7d76297e5c219109f2502a9f3e1f15d46dfb2b157
- Size
  
  204KB
- MD5
  
  5feb559ece12fa1508873bf531112884
- SHA1
  
  a20c4dfead844d5d433b0410e82f794aed2ab223
- SHA256
  
  164f5d77e96208abd1a54db7d76297e5c219109f2502a9f3e1f15d46dfb2b157
- SHA512
  
  0059cd5eefe852c878042f71e072a94f00f72cf8fc66af81db52b11e956f880060ec63f55c535ec30578528aeeddea762138239bd66bf3bfa221c103e1568b47
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm