General

  • Target

    JaffaCakes118_054f66b17eff0b91d16e137cbc710a20

  • Size

    184KB

  • Sample

    250516-f4gjcaypv9

  • MD5

    054f66b17eff0b91d16e137cbc710a20

  • SHA1

    871db676288dee9442f5dd4e16b980f7144de187

  • SHA256

    4795399ffef987e79cba2b6cfffc8444e23a6e85cadaf1e92f2f7bd816e935d4

  • SHA512

    efdc049dd4424f3fc277b028438f5bed0c175c7289a54e3bcb776e1d236317b970d23d9e2ef2e76539ab940239e9fb9020c25058cbd8ce137a2e802457555825

  • SSDEEP

    3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1I0:GWkWXV9wUezUroW+tCmCCfNGh0

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks