General
-
Target
Worm.Win32.Vobfus.EQ-2f38f3e5ff93dda7b69a76c5851830e28882d8db55c9ceac4413734010dd1b0aN
-
Size
204KB
-
Sample
240919-dq3tbaybnn
-
MD5
96d9306823100a8371b7602112aa8dc0
-
SHA1
cd04b8fe5db0c0d518bcae12ed02d2a3b30398a0
-
SHA256
2f38f3e5ff93dda7b69a76c5851830e28882d8db55c9ceac4413734010dd1b0a
-
SHA512
904c6d4c41cbc0bc7c282687e05f5248783a90f8b94fb968fc3e4577c48f79609b13070ea6c1092f707956cc18b9180bace348408230b7916454ce62788d9b3a
-
SSDEEP
3072:8mHW8K0tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWqh:n2N4QxL7B9W0c1RCzR/fSmlt
Malware Config
Targets
-
-
Target
Worm.Win32.Vobfus.EQ-2f38f3e5ff93dda7b69a76c5851830e28882d8db55c9ceac4413734010dd1b0aN
-
Size
204KB
-
MD5
96d9306823100a8371b7602112aa8dc0
-
SHA1
cd04b8fe5db0c0d518bcae12ed02d2a3b30398a0
-
SHA256
2f38f3e5ff93dda7b69a76c5851830e28882d8db55c9ceac4413734010dd1b0a
-
SHA512
904c6d4c41cbc0bc7c282687e05f5248783a90f8b94fb968fc3e4577c48f79609b13070ea6c1092f707956cc18b9180bace348408230b7916454ce62788d9b3a
-
SSDEEP
3072:8mHW8K0tQ9nLHbB9W0c1TqECzR/mkSYGrl9ymgYUWqh:n2N4QxL7B9W0c1RCzR/fSmlt
Score10/10-
Modifies visiblity of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Hide Artifacts
1Hidden Files and Directories
1Modify Registry
2