vobfus | 43ff037737ffba75364ef3f6228296d256f4e607487b16dfa5af4a57212ea5b0 | Triage

Sharing

General

Target

JaffaCakes118_1de2da7e81fad7cf542b5ac3e295da07
Size

200KB
Sample

241231-qhrsas1ret
MD5

1de2da7e81fad7cf542b5ac3e295da07
SHA1

2b6ac129f55c7a715bea221a44f484392f5124b1
SHA256

43ff037737ffba75364ef3f6228296d256f4e607487b16dfa5af4a57212ea5b0
SHA512

6a12e7ae28ba67bd52d3f8870d1412e526240fb90115f71af8cc3b2b8015bc542b50c23f13570af4ed515a656870ce4d43b4a042edb27575a98cef72b10f2397
SSDEEP

3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  JaffaCakes118_1de2da7e81fad7cf542b5ac3e295da07
- Size
  
  200KB
- MD5
  
  1de2da7e81fad7cf542b5ac3e295da07
- SHA1
  
  2b6ac129f55c7a715bea221a44f484392f5124b1
- SHA256
  
  43ff037737ffba75364ef3f6228296d256f4e607487b16dfa5af4a57212ea5b0
- SHA512
  
  6a12e7ae28ba67bd52d3f8870d1412e526240fb90115f71af8cc3b2b8015bc542b50c23f13570af4ed515a656870ce4d43b4a042edb27575a98cef72b10f2397
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Vobfus family
  vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm