vobfus | f9e2bd19fe0335e33a9f27f661a9cf1ef979623007eb75b120472f8b9e77848c | Triage

Sharing

General

Target

JaffaCakes118_fe031522eaf2bd94e399d452dab8142c
Size

204KB
Sample

250111-lypknayjdr
MD5

fe031522eaf2bd94e399d452dab8142c
SHA1

f58bf292eee8b41496a0dd66e001db0f317bd002
SHA256

f9e2bd19fe0335e33a9f27f661a9cf1ef979623007eb75b120472f8b9e77848c
SHA512

b250d9853786ee86ce4efc457d9bdad06c38cdc176595d42493731aaec16983fda34deb92f7c07dbe13ffa0b33d362790058cdd225c1c265f95dcf72791206aa
SSDEEP

3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1

Score

10^/10

vobfus discovery persistence worm

Malware Config

Targets

- Target
  
  JaffaCakes118_fe031522eaf2bd94e399d452dab8142c
- Size
  
  204KB
- MD5
  
  fe031522eaf2bd94e399d452dab8142c
- SHA1
  
  f58bf292eee8b41496a0dd66e001db0f317bd002
- SHA256
  
  f9e2bd19fe0335e33a9f27f661a9cf1ef979623007eb75b120472f8b9e77848c
- SHA512
  
  b250d9853786ee86ce4efc457d9bdad06c38cdc176595d42493731aaec16983fda34deb92f7c07dbe13ffa0b33d362790058cdd225c1c265f95dcf72791206aa
- SSDEEP
  
  3072:3Hjk+0oLnWFnzBHv/xWFsg8WatFBGFVWPE5ac0pG/1z+QVMbg1:Xo/BHng5HaVG4G/1z+QVMbg1
Score

10^/10

vobfus discovery persistence worm
- Vobfus
  A widespread worm which spreads via network drives and removable media.
  worm vobfus
- Vobfus family
  vobfus
- Adds policy Run key to start application
  persistence
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

vobfusdiscoverypersistenceworm

behavioral2

vobfusdiscoverypersistenceworm