vobfus | 402b7f6127a11b824e618e6bc2adb6005a46081fe9252020cacabdb32c4a6302 | Triage

Sharing

General

Target

JaffaCakes118_6c3c5dd37301cefb88af00b46cb67587
Size

204KB
Sample

250103-ndk3vatkaq
MD5

6c3c5dd37301cefb88af00b46cb67587
SHA1

87f871215a1a786ce9ce477620fbbdaf8c86d5b7
SHA256

402b7f6127a11b824e618e6bc2adb6005a46081fe9252020cacabdb32c4a6302
SHA512

98cfd9402657bd4184acba374d1a82de3b290bb6cdb55eb1017505f10e38925c4360ba6acc4a2ca4ff0ad83904ed89d56cac844b8bd9621a0080b096dacd1ff0
SSDEEP

3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  JaffaCakes118_6c3c5dd37301cefb88af00b46cb67587
- Size
  
  204KB
- MD5
  
  6c3c5dd37301cefb88af00b46cb67587
- SHA1
  
  87f871215a1a786ce9ce477620fbbdaf8c86d5b7
- SHA256
  
  402b7f6127a11b824e618e6bc2adb6005a46081fe9252020cacabdb32c4a6302
- SHA512
  
  98cfd9402657bd4184acba374d1a82de3b290bb6cdb55eb1017505f10e38925c4360ba6acc4a2ca4ff0ad83904ed89d56cac844b8bd9621a0080b096dacd1ff0
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Vobfus family
  vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm