General

  • Target

    JaffaCakes118_05032772e8284dbb5a9294f20b4c46f0

  • Size

    260KB

  • Sample

    250516-abxf7ssxfz

  • MD5

    05032772e8284dbb5a9294f20b4c46f0

  • SHA1

    994c1173c501ced7dad945941e26ddafe87bcf27

  • SHA256

    917f1c2a68c9e3971cde7a170732b52a63546a6f5fb0f469027396247aab294a

  • SHA512

    47e6973d907be6a4ba8c2434f4f02ac9c3ee6ce438bef1719138c281260a0eb28b0cdd8a434c40af2d61535dcf6df7f15308e96718cd56781d4f0d51916f9d40

  • SSDEEP

    3072:PWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1v:PWkWXV9wUezUroW+tCmCCfNGE

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in VisualBasic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks