vobfus | efbd46dbc9325157d10f14595213095e741233e61a02a1c162edd7bcaebf21f5 | Triage

Sharing

General

Target

d7b6b45d9fad96e93bf16e334753b4dd_JaffaCakes118
Size

574KB
Sample

240910-g78mnszfnm
MD5

d7b6b45d9fad96e93bf16e334753b4dd
SHA1

b5354be698a980d9792fb284c897ec21a8085da3
SHA256

efbd46dbc9325157d10f14595213095e741233e61a02a1c162edd7bcaebf21f5
SHA512

a87d4d516e3f13b5b4e5f02f04bd1a6777a3e58b05a54bc819839f0c4cbb7dce9d20362f4fc3f7e5e59009ef6aba300c855288a8abc5ae960e024fcaaf2c2eac
SSDEEP

6144:Xo/BHng5HaVG4G/1z+QVMbg1do/BHng5HaF:4ZgaYiZgaF

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  d7b6b45d9fad96e93bf16e334753b4dd_JaffaCakes118
- Size
  
  574KB
- MD5
  
  d7b6b45d9fad96e93bf16e334753b4dd
- SHA1
  
  b5354be698a980d9792fb284c897ec21a8085da3
- SHA256
  
  efbd46dbc9325157d10f14595213095e741233e61a02a1c162edd7bcaebf21f5
- SHA512
  
  a87d4d516e3f13b5b4e5f02f04bd1a6777a3e58b05a54bc819839f0c4cbb7dce9d20362f4fc3f7e5e59009ef6aba300c855288a8abc5ae960e024fcaaf2c2eac
- SSDEEP
  
  6144:Xo/BHng5HaVG4G/1z+QVMbg1do/BHng5HaF:4ZgaYiZgaF
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm