vobfus | 08994fa356f6a16e8558f7dc35e66367c5162d314465d18a499d98297551647e | Triage

Sharing

General

Target

f57b3ba8ad17d01ac7e0e51a6903c82a_JaffaCakes118
Size

826KB
Sample

240925-h44d8avgle
MD5

f57b3ba8ad17d01ac7e0e51a6903c82a
SHA1

6c9d325c96b6abd55bf95c9308a8b72eca8c992d
SHA256

08994fa356f6a16e8558f7dc35e66367c5162d314465d18a499d98297551647e
SHA512

48e8cf3f46284d80b5fae618e5c76e66fa996dc65f3cdb2103a4168a225d8d943ac8dbffe463d4e56dcbaf06e05d7b83686d2593b9faa23c05f2a663dd13c8ec
SSDEEP

6144:Xo/BHng5HaVG4G/1z+QVMbg1do/BHng5HaVG4G/1z+QVMbg1do/BHng5HaVG4G/5:4ZgaYiZgaYiZgaYzZgaV

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  f57b3ba8ad17d01ac7e0e51a6903c82a_JaffaCakes118
- Size
  
  826KB
- MD5
  
  f57b3ba8ad17d01ac7e0e51a6903c82a
- SHA1
  
  6c9d325c96b6abd55bf95c9308a8b72eca8c992d
- SHA256
  
  08994fa356f6a16e8558f7dc35e66367c5162d314465d18a499d98297551647e
- SHA512
  
  48e8cf3f46284d80b5fae618e5c76e66fa996dc65f3cdb2103a4168a225d8d943ac8dbffe463d4e56dcbaf06e05d7b83686d2593b9faa23c05f2a663dd13c8ec
- SSDEEP
  
  6144:Xo/BHng5HaVG4G/1z+QVMbg1do/BHng5HaVG4G/1z+QVMbg1do/BHng5HaVG4G/5:4ZgaYiZgaYiZgaYzZgaV
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm