vobfus | 9d9ce1ce4a9287d6b35d1fd4674259e82683875414731d5b864eea359e9c3010 | Triage

Submit
Reports

Overview

overview

Static

static

7

4ab026da4f...c6.exe

windows7-x64

4ab026da4f...c6.exe

windows10-2004-x64

Sharing

General

Target

9d9ce1ce4a9287d6b35d1fd4674259e82683875414731d5b864eea359e9c3010
Size

93KB
Sample

240901-q1382ssflf
MD5

0443c77c859c6c03667ec82ebfba0b29
SHA1

ee5a844f6f8fae03c36df56991aa946f3e65bdfc
SHA256

9d9ce1ce4a9287d6b35d1fd4674259e82683875414731d5b864eea359e9c3010
SHA512

1d5e6b7ec44d751fa63449cf41ab9ca2cf5014f494e4d1cb0166215c49bf8138bb190cc9af40417d7bd474c1d57f401bb40d13a2f281dd007e978e8ee007632e
SSDEEP

1536:21zFPTYDH2uKavmgVe4EMa0gdMvKLD6ViPnjpRXQJZsvy3WIAZl+JgiEOXTemJkv:Ud4WyPVe4EZ5XPnjpuJyvyGl+JgiumJ+

Score

10^/10

vobfus discovery persistence upx worm

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4ab026da4f0df17224bf190c261dab72f06e40a3b15b44d79fdedaf401f615c6.exe

Resource

win7-20240704-en

vobfus discovery persistence upx worm

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

4ab026da4f0df17224bf190c261dab72f06e40a3b15b44d79fdedaf401f615c6.exe

Resource

win10v2004-20240802-en

vobfus discovery persistence upx worm

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  4ab026da4f0df17224bf190c261dab72f06e40a3b15b44d79fdedaf401f615c6
- Size
  
  224KB
- MD5
  
  5f9d4155858bf995f1120af29175bd40
- SHA1
  
  b49e28e45ddca86146fb398ad90c7aa9a6c76557
- SHA256
  
  4ab026da4f0df17224bf190c261dab72f06e40a3b15b44d79fdedaf401f615c6
- SHA512
  
  044c38007d6705ec01a6faaedad430f1de33ec98fc5de58412e4dd101cd1110f7ec5d5473c736c92e4a57ad76253ec6f3bb8c91dbbc1477a24e4a2cf33507959
- SSDEEP
  
  3072:vHjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1jm0+J:Po/BHng5HaVG4G/1z+QVMbg1jv+
Score

10^/10

vobfus discovery persistence upx worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceupxworm

behavioral2

vobfusdiscoverypersistenceupxworm

© 2018-2025

Terms | Privacy