vobfus | af2e55d3d86fe50d98dc67fcf9ff17f5166a257b702cf42a2a4e27164e932fc2 | Triage

Sharing

General

Target

JaffaCakes118_3e8b95bbd510d1584b34fd5099b28bb6
Size

200KB
Sample

241231-3jqylsxpbk
MD5

3e8b95bbd510d1584b34fd5099b28bb6
SHA1

686cf362ef8003fc306aeac311bf66ce70217231
SHA256

af2e55d3d86fe50d98dc67fcf9ff17f5166a257b702cf42a2a4e27164e932fc2
SHA512

8efdaa445bdb93847da0e77f2b8b2f63fc9aecae81bfe4c60c745c4a32e5afa5b2a0819dbd4c9737de20337203f784ceb2515c787c6a7f61a6037d62a950b0d4
SSDEEP

3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  JaffaCakes118_3e8b95bbd510d1584b34fd5099b28bb6
- Size
  
  200KB
- MD5
  
  3e8b95bbd510d1584b34fd5099b28bb6
- SHA1
  
  686cf362ef8003fc306aeac311bf66ce70217231
- SHA256
  
  af2e55d3d86fe50d98dc67fcf9ff17f5166a257b702cf42a2a4e27164e932fc2
- SHA512
  
  8efdaa445bdb93847da0e77f2b8b2f63fc9aecae81bfe4c60c745c4a32e5afa5b2a0819dbd4c9737de20337203f784ceb2515c787c6a7f61a6037d62a950b0d4
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Vobfus family
  vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm