General
-
Target
3f0a46b1febcd33e25da42f6b491a273_JaffaCakes118
-
Size
285KB
-
Sample
250704-e483xsap8v
-
MD5
3f0a46b1febcd33e25da42f6b491a273
-
SHA1
2b98f85d3b6514856dfe55401c68e200a7e21bd3
-
SHA256
033570bf95d42dad2652ed0662a2369d954d4580d1b872ea44041697d0edc237
-
SHA512
2545524a7c9052cb1df1d561cc9b9c6b1decbc3c0ca708f3836739657d4f0f8f59a7301499827ec000b1902516d17947d3c9819557b08c356ef665689639e5e9
-
SSDEEP
6144:pnt7lIlDAroRJ+RJsKfnwpaxJ9nKcVhvr7DFLPLegEF4x3ddRUYC:pnVyDsnRhKcVhvr7RLPLeF4x3dPtC
Behavioral task
behavioral1
Sample
323CANON.EXE_WORM_VOBFUS.exe
Resource
win10v2004-20250619-en
Behavioral task
behavioral2
Sample
WORM_VOBFUS.exe
Resource
win10v2004-20250619-en
Behavioral task
behavioral3
Sample
WORM_VOBFUS.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral4
Sample
WORM_VOBFUS.exe
Resource
win10v2004-20250610-en
Malware Config
Targets
-
-
Target
323CANON.EXE_WORM_VOBFUS.SM01
-
Size
300KB
-
MD5
70f0b7bd55b91de26f9ed6f1ef86b456
-
SHA1
d774cdaa9082ac15feb9514e7364d76092a6807a
-
SHA256
fe32599d6f2d1a874b65928cfd01a87f9d0a83d2b1e30b8f1148c8ad8aefd985
-
SHA512
3928885f382a5f833eb2c2b4641b8227138dce4cb161cae3049e837ba13384119ec8aaf70c6e85c99583c07db18bbaab77e19bdc3485f9e23adb3be3d0ab7912
-
SSDEEP
3072:XMIQ/iifD4gfGWKdbKsQOO1HobSp0xl6EPpc4VpJzNDdlcjBPZz:XBciib4gfGWcmsQobG0xlfPpndiVPB
Score
10/10
-
Modifies visibility of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
WORM_VOBFUS.SMA3
-
Size
212KB
-
MD5
7b19b2b8aed0285eb2b2c5cb81313569
-
SHA1
e0a536ed1b6c6f202412079e1213305543b533a3
-
SHA256
e54bbabcaed8ace734f53234a44ad1e697e9cd2252255b59906fc5e3322c1be6
-
SHA512
31f79937bb4aba8aecd95daf310c9dd22f06f4f842f4bae64502e27e44aa3ef26f25d8d72adae36f25aa4db6f7b229926dc8bda4d09613f7d1f6968a15cc2eb0
-
SSDEEP
3072:/lh+mENvtRR3FmHmpF+CklMnQIKAWNBlm/XBq6ciFCdaNdVOvs:9h+NNFRRCmpF+CklMYuFciFC+Ok
Score
10/10
-
Modifies visibility of hidden/system files in Explorer
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
WORM_VOBFUS.SMIS
-
Size
188KB
-
MD5
634aa845f5b0b519b6d8a8670b994906
-
SHA1
82ad537a7acb18702a02b6dd2c6d12eaac0b3656
-
SHA256
7f7e5751277a0169ec2eb4492b0489ca850808f64b52e708f716f46ac160e54b
-
SHA512
63a72331fed9c53d593d2b572fc35efe24eb9d5d292cbe891765926de60987fefa0ddc95aa9037384e45f52015ef075c4ce9aaf9bd297e4e437f606104257cbf
-
SSDEEP
3072:dzimFU1cIsisNUbaxF6qJDe94aqosAm+w90Z69:tisYGDe94aqosAm+w90C
Score
10/10
-
Detects win.vobfus.
Malware of this family searches for computers on a network and creates copies of itself in folders with open access. For the program to be activated, the user must first run it on the computer.
-
Modifies visibility of hidden/system files in Explorer
-
Vobfus family
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Adds Run key to start application
-
-
-
Target
WORM_VOBFUS.SMM2
-
Size
92KB
-
MD5
4e15d812491ff0454f1e9393675b1c60
-
SHA1
ec9291957872191902fb525641040b42e057acd8
-
SHA256
e4d0b740421cfba7e7e4a30a2a69d59486e7347979af94145fb8f335960c33d5
-
SHA512
9554e4e882a176b7b38b55dc2a80400354aae90a12e7e0c3a4f481e68032423f65f28c439621dc27fdf4c99e8ad10aaed949f140398970480c26aa574b7a5982
-
SSDEEP
768:29QXHugT0lvlq/P1vwwrnkjBt1TJk8vK8GSdrD9wGy241ZUb/CxhYLJP30UOEGaK:i0PuBpmUbaxeLd4IfmkBwC8BD+KBq2x
Score
7/10
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Maps connected drives based on registry
Disk information is often read in order to detect sandboxing environments.
-
Enumerates processes with tasklist
-
MITRE ATT&CK Enterprise v16
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
Hide Artifacts (1)
Hidden Files and Directories (1)
Modify Registry (2)