vobfus | df6a8da1621cbcf76de30d5f3b5becc14136c5982c06fcda8363a2cc6272a01f | Triage

Sharing

General

Target

JaffaCakes118_65de4d64441311873f1236c13ad06d26
Size

204KB
Sample

250107-qvqqrstjez
MD5

65de4d64441311873f1236c13ad06d26
SHA1

b9fdc87a0b5dba2f2bc0a63b080b81f2c09b699a
SHA256

df6a8da1621cbcf76de30d5f3b5becc14136c5982c06fcda8363a2cc6272a01f
SHA512

1c8ff89ca8830e98ffa8b501e8d513f8cac36e8830941b18df6e746deacd0f985fb8bbd56092e4bd5587ed72b65968724f9e95a37017bcbdac1d82f0a91d13f7
SSDEEP

3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1T:Xo/BHng5HaVG4G/1z+QVMbg1T

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  JaffaCakes118_65de4d64441311873f1236c13ad06d26
- Size
  
  204KB
- MD5
  
  65de4d64441311873f1236c13ad06d26
- SHA1
  
  b9fdc87a0b5dba2f2bc0a63b080b81f2c09b699a
- SHA256
  
  df6a8da1621cbcf76de30d5f3b5becc14136c5982c06fcda8363a2cc6272a01f
- SHA512
  
  1c8ff89ca8830e98ffa8b501e8d513f8cac36e8830941b18df6e746deacd0f985fb8bbd56092e4bd5587ed72b65968724f9e95a37017bcbdac1d82f0a91d13f7
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1T:Xo/BHng5HaVG4G/1z+QVMbg1T
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Vobfus family
  vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm