General

  • Target

    JaffaCakes118_05299b33763045f8f0d9efe6ed42c100

  • Size

    274KB

  • Sample

    250516-djvt5av1bz

  • MD5

    05299b33763045f8f0d9efe6ed42c100

  • SHA1

    48ee106e824fe8b3d191b0e78eaf7bef15964a22

  • SHA256

    1b56065558e05e855156516f74eb64301d4346c22a28c85dfb1adb573ef01b31

  • SHA512

    fd8c4585bffa1a899a3e5e40f81633540d27d9e485cf048d4b073df82f1d6e1baed2009d4fe9f84c27f69e590aed3d2a169a6cecd938026ff01517076a9789f1

  • SSDEEP

    3072:7WkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1e3ZCcgmb:7WkWXV9wUezUroW+tCmCCfNG53Zpb

Malware Config

Targets

    • Target

      JaffaCakes118_05299b33763045f8f0d9efe6ed42c100

    • Size

      274KB

    • MD5

      05299b33763045f8f0d9efe6ed42c100

    • SHA1

      48ee106e824fe8b3d191b0e78eaf7bef15964a22

    • SHA256

      1b56065558e05e855156516f74eb64301d4346c22a28c85dfb1adb573ef01b31

    • SHA512

      fd8c4585bffa1a899a3e5e40f81633540d27d9e485cf048d4b073df82f1d6e1baed2009d4fe9f84c27f69e590aed3d2a169a6cecd938026ff01517076a9789f1

    • SSDEEP

      3072:7WkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1e3ZCcgmb:7WkWXV9wUezUroW+tCmCCfNG53Zpb

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application
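
    The signatures above name specific registry locations and directories that can be checked on a host suspected of running this sample. The PowerShell below is an added triage script, not part of the sandbox report and not code from the sample: it reads the Winlogon Shell and Userinit values, the Explorer hidden-file settings, every Active Setup StubPath and every Run/RunOnce entry, and hashes files in the drivers directory and common drop locations against the SHA256 listed in the report. The stock Windows default values it compares against and the "StubPath outside the Windows directory" heuristic are assumptions for triage, and the Suspect column is a flag to investigate, not a verdict.

```powershell
# Added triage script (not part of the sandbox report). Run from an elevated
# PowerShell session on the host under investigation.

# SHA256 of the analysed sample, taken from the report above.
$ReportSha256 = '1b56065558e05e855156516f74eb64301d4346c22a28c85dfb1adb573ef01b31'

function Get-RegValue {
    # Return a single registry value or $null when the key/value is missing.
    param([string]$Path, [string]$Name)
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

function Test-WinlogonPersistence {
    # "Modifies WinLogon for persistence": Shell and Userinit are the values an
    # implant edits so it is launched at every logon. Defaults below are the
    # stock Windows values (assumption: an unmodified installation).
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $expected = @{
        Shell    = 'explorer.exe'
        Userinit = "$env:SystemRoot\system32\userinit.exe,"
    }
    foreach ($name in $expected.Keys) {
        $actual = Get-RegValue $key $name
        [pscustomobject]@{
            Check   = "Winlogon\$name"
            Value   = $actual
            Suspect = ($null -ne $actual) -and ($actual.Trim() -ine $expected[$name])
        }
    }
}

function Test-ExplorerHiddenFiles {
    # "Modifies visibility of hidden/system files in Explorer": Hidden=2 hides
    # hidden files (1 shows them), ShowSuperHidden=0 hides protected OS files.
    # Users change these legitimately, so the values are reported, not judged.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    foreach ($name in 'Hidden', 'ShowSuperHidden') {
        [pscustomobject]@{ Check = "Explorer\Advanced\$name"; Value = (Get-RegValue $key $name); Suspect = $false }
    }
}

function Get-ActiveSetupStubs {
    # "Boot or Logon Autostart Execution: Active Setup": each component's StubPath
    # runs once per user at logon. Heuristic (assumption): stock entries point
    # into the Windows directory, so anything else is worth a look.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
             'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components',
             'HKCU:\Software\Microsoft\Active Setup\Installed Components'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root | ForEach-Object {
            $stub = (Get-ItemProperty -Path $_.PSPath).StubPath
            if ($stub) {
                [pscustomobject]@{
                    Check   = "ActiveSetup\$($_.PSChildName)"
                    Value   = $stub
                    Suspect = ($stub -notmatch '(?i)(%SystemRoot%|%windir%|[A-Z]:\\Windows\\)')
                }
            }
        }
    }
}

function Get-RunKeyEntries {
    # "Adds Run key to start application": list every Run/RunOnce value for
    # both the machine and the current user; provider metadata (PS*) is skipped.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($k in $keys) {
        if (-not (Test-Path $k)) { continue }
        foreach ($p in (Get-ItemProperty -Path $k).PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{ Check = "Run\$($p.Name)"; Value = $p.Value; Suspect = $false }
        }
    }
}

function Find-ReportedSampleOnDisk {
    # "Drops file in Drivers directory" / "Executes dropped EXE": hash files in
    # the drivers directory and common drop locations (assumed, not from the
    # report) and flag any file whose SHA256 equals the sample's.
    param([string[]]$Paths = @("$env:SystemRoot\System32\drivers", $env:TEMP, $env:APPDATA))
    foreach ($dir in $Paths) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem -Path $dir -File -Recurse -ErrorAction SilentlyContinue | ForEach-Object {
            $h = (Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
            if ($h -ieq $ReportSha256) {
                [pscustomobject]@{ Check = 'SampleSHA256'; Value = $_.FullName; Suspect = $true }
            }
        }
    }
}

$results = @(Test-WinlogonPersistence) + @(Test-ExplorerHiddenFiles) +
           @(Get-ActiveSetupStubs) + @(Get-RunKeyEntries) + @(Find-ReportedSampleOnDisk)
$results | Format-Table -AutoSize -Wrap
```

    A SHA256 match only finds an unmodified copy of the analysed file; a worm that rewrites or appends to itself when it copies to a new location will not match, so a clean hash pass does not clear the host while the registry checks still show a modified Winlogon value or an unfamiliar StubPath.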

MITRE ATT&CK Enterprise v16

Tasks