vobfus | f1639ceea43d91ca68e35c6d5ca329a581c8fd3926747f729c4b2aba696f6610 | Triage

Sharing

General

Target

JaffaCakes118_e2cea13213651faae62bd666d857a1a6
Size

200KB
Sample

250110-nc1f5sspgs
MD5

e2cea13213651faae62bd666d857a1a6
SHA1

1e4c9e1dc700673aa2f58a889021a3621cfcba8a
SHA256

f1639ceea43d91ca68e35c6d5ca329a581c8fd3926747f729c4b2aba696f6610
SHA512

efdc066bd66edd7732c2b68224b91895ee80939f475099ea0256821ef9e37b9424ff82e59b832d96783db41899476a4739e6d232ff981c3450b505d139f8d454
SSDEEP

3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  JaffaCakes118_e2cea13213651faae62bd666d857a1a6
- Size
  
  200KB
- MD5
  
  e2cea13213651faae62bd666d857a1a6
- SHA1
  
  1e4c9e1dc700673aa2f58a889021a3621cfcba8a
- SHA256
  
  f1639ceea43d91ca68e35c6d5ca329a581c8fd3926747f729c4b2aba696f6610
- SHA512
  
  efdc066bd66edd7732c2b68224b91895ee80939f475099ea0256821ef9e37b9424ff82e59b832d96783db41899476a4739e6d232ff981c3450b505d139f8d454
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Vobfus family
  vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm