General

  • Target

    JaffaCakes118_05b855df7fe862f00a2a3bbb02fc89c1

  • Size

    184KB

  • Sample

    250516-t9kd3scq6z

  • MD5

    05b855df7fe862f00a2a3bbb02fc89c1

  • SHA1

    1a05caff910b7b35cc0216379f7f4e40e1c43fb7

  • SHA256

    f1bd8c3d3bd7d04a8b266acda88b314530d3275b75a5b8ba8178d3ae64bca415

  • SHA512

    0a3648533daa9edae433c23fa29304eb919354cb4c3c51f95e792e959cddfd602563009cf53b6b6eaf56c6c941bc67e64875428669312a58af5aa14f7ccd2978

  • SSDEEP

    3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1/U:GWkWXV9wUezUroW+tCmCCfNGP

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine. The StubPath value under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\<GUID> is executed once per user at logon, before the shell starts, so a single machine-wide key gives the dropped executable a foothold in every profile on the host.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

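The signatures above name four persistence and evasion locations (Winlogon values, Explorer hidden-file settings, Active Setup StubPath, Run keys) plus a drop into the drivers directory. The following PowerShell script is an added example, not part of the original report or of any tool it references: a read-only audit of those locations on a host under investigation, run in an elevated PowerShell. The baseline values, the "suspicious path" heuristic and the list of flagged file extensions are assumptions for a default Windows build; the only value taken from this report is the sample's SHA256, which the script compares against any file a finding points at.

```powershell
# Added example, not part of the original report: read-only audit of the persistence
# and evasion locations the signatures above describe. Run in an elevated PowerShell.
# Baseline values and the suspicious-path heuristic are assumptions; treat hits as leads.

$ReportSha256 = 'f1bd8c3d3bd7d04a8b266acda88b314530d3275b75a5b8ba8178d3ae64bca415'  # SHA256 from this report
$Findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Check, [string]$Location, [string]$Value) {
    $Findings.Add([pscustomobject]@{ Check = $Check; Location = $Location; Value = $Value })
}

# Pull the executable out of a registry command line (handles quoted paths and env vars).
function Get-CommandExe([string]$Cmd) {
    if ([string]::IsNullOrWhiteSpace($Cmd)) { return $null }
    $c = [Environment]::ExpandEnvironmentVariables($Cmd.Trim())
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
    }
    return ($c -split '\s+')[0]
}

# Heuristic (assumption): autostart binaries in drivers\, Temp, AppData, ProgramData or the
# root of a drive deserve a look; legitimate entries normally live under Windows or Program Files.
function Test-SuspiciousPath([string]$Path) {
    if (-not $Path) { return $false }
    return $Path -match '\\System32\\drivers\\|\\Temp\\|\\AppData\\|\\ProgramData\\|^[A-Za-z]:\\[^\\]+$'
}

# 1. Winlogon: Shell and Userinit are what "Modifies WinLogon for persistence" refers to.
$wl = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$p  = Get-ItemProperty -Path $wl
if ($p.Shell -ne 'explorer.exe') { Add-Finding 'Winlogon Shell' $wl $p.Shell }
if ($p.Userinit -ne "$env:SystemRoot\system32\userinit.exe,") { Add-Finding 'Winlogon Userinit' $wl $p.Userinit }
if ($p.PSObject.Properties['Taskman']) { Add-Finding 'Winlogon Taskman (absent by default)' $wl $p.Taskman }

# 2. Explorer hidden-file settings. Hidden=2 / ShowSuperHidden=0 are the Windows defaults, so they
#    are only context; the tell is SHOWALL\CheckedValue forced to 0, which stops the user from
#    re-enabling "Show hidden files" in Folder Options.
$adv = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$a = Get-ItemProperty -Path $adv -ErrorAction SilentlyContinue
if ($a) { Write-Host "Context: HKCU Hidden=$($a.Hidden) ShowSuperHidden=$($a.ShowSuperHidden)" }
$showall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$s = Get-ItemProperty -Path $showall -ErrorAction SilentlyContinue
if ($s -and $s.CheckedValue -ne 1) { Add-Finding 'Explorer SHOWALL CheckedValue' $showall $s.CheckedValue }

# 3. Active Setup (T1547.014): each Installed Components\<GUID>\StubPath runs once per user at
#    logon whenever the HKLM version is newer than the user's copy under HKCU.
foreach ($as in 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
                'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components') {
    Get-ChildItem -Path $as -ErrorAction SilentlyContinue | ForEach-Object {
        $stub = (Get-ItemProperty -Path $_.PSPath).StubPath
        if (Test-SuspiciousPath (Get-CommandExe $stub)) { Add-Finding 'Active Setup StubPath' $_.PSPath $stub }
    }
}

# 4. Run / RunOnce keys ("Adds Run key to start application", T1547.001).
foreach ($hive in 'HKLM', 'HKCU') {
    foreach ($sub in 'Run', 'RunOnce') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\$sub"
        $vals = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if (-not $vals) { continue }
        foreach ($prop in $vals.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath etc.
            if (Test-SuspiciousPath (Get-CommandExe $prop.Value)) { Add-Finding "$sub value '$($prop.Name)'" $key $prop.Value }
        }
    }
}

# 5. "Drops file in Drivers directory": executables have no business at the top level of drivers\.
Get-ChildItem -Path "$env:SystemRoot\System32\drivers" -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.exe', '.com', '.scr', '.pif', '.bat', '.cmd', '.vbs', '.js' } |
    ForEach-Object { Add-Finding 'Non-driver file in drivers directory' $_.FullName $_.LastWriteTime }

# 6. Tie findings back to the report: hash any file a finding points at and compare to the sample.
foreach ($f in $Findings) {
    $exe = if (Test-Path -LiteralPath $f.Location -PathType Leaf) { $f.Location } else { Get-CommandExe $f.Value }
    if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
        $h = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash.ToLower()
        if ($h -eq $ReportSha256) { $f.Check = 'MATCHES REPORT SAMPLE: ' + $f.Check }
    }
}

if ($Findings.Count -eq 0) { Write-Host 'No findings.' } else { $Findings | Format-Table -AutoSize }
```

The script only reads the registry and file system, so it is safe to run on a suspect host before any remediation. Because Hidden=2 and ShowSuperHidden=0 are also the out-of-the-box values, they are printed as context rather than flagged; the forced SHOWALL\CheckedValue and any autostart entry resolving into the drivers directory are the findings that actually correspond to the behaviour this report records.
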
MITRE ATT&CK Enterprise v16

Tasks