General

  • Target

    JaffaCakes118_05b01184202d30caa3a31fde4f93c6b0

  • Size

    184KB

  • Sample

    250516-s4bpbabl3w

  • MD5

    05b01184202d30caa3a31fde4f93c6b0

  • SHA1

    42c0456a55b457b9d6e56f4a1679b01c6c4ba3d9

  • SHA256

    e930b7aa56445d648c2a6e6bb95175445c354f5c7924a88a3c71233052654fbc

  • SHA512

    a72a2f3e7e6ea743d2b5128e1cc117eb147ae7e9517f8293d35c46147a5ab0018b1bc60bc186a6b897d8ce835c382139adb25d8963f775741595ffef79b92e6a

  • SSDEEP

    3072:FWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1r:FWkWXV9wUezUroW+tCmCCfNG0

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16