vobfus | 7a15cef4876112ee08d52211595df8607159e3f1af69bcbc19f722ec014a1699 | Triage

Sharing

General

Target

JaffaCakes118_8e2d639dde8e416332202439a4135710
Size

204KB
Sample

250108-f8fslswmgt
MD5

8e2d639dde8e416332202439a4135710
SHA1

a3c795eb4e235723911096a8f63f8dda74f4c5b5
SHA256

7a15cef4876112ee08d52211595df8607159e3f1af69bcbc19f722ec014a1699
SHA512

1f36ea10c4f68e676f6c54d0cc7e68f6cb7c4fdcf2437514095dca6d7fd5511b82aba281d1ab7587b3ce2fdef605e4b28c51e1ae45da03bd1d06d7ae7cc031e1
SSDEEP

3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  JaffaCakes118_8e2d639dde8e416332202439a4135710
- Size
  
  204KB
- MD5
  
  8e2d639dde8e416332202439a4135710
- SHA1
  
  a3c795eb4e235723911096a8f63f8dda74f4c5b5
- SHA256
  
  7a15cef4876112ee08d52211595df8607159e3f1af69bcbc19f722ec014a1699
- SHA512
  
  1f36ea10c4f68e676f6c54d0cc7e68f6cb7c4fdcf2437514095dca6d7fd5511b82aba281d1ab7587b3ce2fdef605e4b28c51e1ae45da03bd1d06d7ae7cc031e1
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Vobfus family
  vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm