vobfus | f25b82c8ed60dab26830a9c1937368932d1f6e1eabb040fc3460369333366823 | Triage

Sharing

General

Target

JaffaCakes118_dd50851454222c21f9db1210aa0e0f8b
Size

204KB
Sample

250110-hahknaxpem
MD5

dd50851454222c21f9db1210aa0e0f8b
SHA1

11accb706b7b5f1b388ca4cea6089afb658bb297
SHA256

f25b82c8ed60dab26830a9c1937368932d1f6e1eabb040fc3460369333366823
SHA512

cbc62625432e4a0d0a48b283d64092d0de6977d934e1b5b1c5ac9991f9770858098569ede61e0a92d3818a4b1b18a7a705949f2737ef95930c3f7c7f6abfa4f0
SSDEEP

3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  JaffaCakes118_dd50851454222c21f9db1210aa0e0f8b
- Size
  
  204KB
- MD5
  
  dd50851454222c21f9db1210aa0e0f8b
- SHA1
  
  11accb706b7b5f1b388ca4cea6089afb658bb297
- SHA256
  
  f25b82c8ed60dab26830a9c1937368932d1f6e1eabb040fc3460369333366823
- SHA512
  
  cbc62625432e4a0d0a48b283d64092d0de6977d934e1b5b1c5ac9991f9770858098569ede61e0a92d3818a4b1b18a7a705949f2737ef95930c3f7c7f6abfa4f0
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Vobfus family
  vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm