vobfus | 2a79425e2eb1ce77d9769572b37fe291d71b334ec5bce6feb697740980c0c25c | Triage

Sharing

General

Target

JaffaCakes118_15299695bf6c296ceef921b34154f148
Size

204KB
Sample

250106-hvn8yazkdz
MD5

15299695bf6c296ceef921b34154f148
SHA1

8a569f95211477d00e84452f75e5110284f86b48
SHA256

2a79425e2eb1ce77d9769572b37fe291d71b334ec5bce6feb697740980c0c25c
SHA512

393fbe577185c3b14990c7f117376234e3167fa417f8cec9dda97340514aa1350c664fbc3001fec296fc87750e303fff8b215c486c9a3415106313a8f5458005
SSDEEP

3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  JaffaCakes118_15299695bf6c296ceef921b34154f148
- Size
  
  204KB
- MD5
  
  15299695bf6c296ceef921b34154f148
- SHA1
  
  8a569f95211477d00e84452f75e5110284f86b48
- SHA256
  
  2a79425e2eb1ce77d9769572b37fe291d71b334ec5bce6feb697740980c0c25c
- SHA512
  
  393fbe577185c3b14990c7f117376234e3167fa417f8cec9dda97340514aa1350c664fbc3001fec296fc87750e303fff8b215c486c9a3415106313a8f5458005
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Vobfus family
  vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm