vobfus | 9ad79c0d537c12f7b47fa0726dbdf2706a03dd9662d8892bdc4045dad3b01c4d | Triage

Sharing

General

Target

9ad79c0d537c12f7b47fa0726dbdf2706a03dd9662d8892bdc4045dad3b01c4d
Size

83KB
Sample

240902-llawqsyblf
MD5

db65364a710f4c68f7a60fa57154b6f7
SHA1

291f50c95041f5999a3f3dc6e38e9cad5f169ddb
SHA256

9ad79c0d537c12f7b47fa0726dbdf2706a03dd9662d8892bdc4045dad3b01c4d
SHA512

76d987025894a4c0e9ca97b5133050a72d1889547adc5b94de2707d799a2401353d88f974a832f4b3b88fdf04b3cb033951f84e9d2b36af23e1910d11d1689ee
SSDEEP

1536:SPbfqTDIwbn5cSFcyncZuENNkUDSMATSZwUZi2RzW0C7wsLPWDUvpU7:TTD3X1CuqaUW3S9BrC7XLPWDmi

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  fc7c419991d8e3521fac232994fd6ec24127defbf35fb6a7eaedf280310e6b97
- Size
  
  204KB
- MD5
  
  c013422f5714981b7813d3dd73b7ddfc
- SHA1
  
  4fe415fe185911e1bbce18c34c790fa0d3d35275
- SHA256
  
  fc7c419991d8e3521fac232994fd6ec24127defbf35fb6a7eaedf280310e6b97
- SHA512
  
  935cff53efc66b4a6a44a40ad297593dfb57c9789ca18cfef0298878c8de75d77747bdf9cb130161fa88e4620ac3d2b3a66d9c7a11e21d6d541c548e4c3e7c7d
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm