General

  • Target

    JaffaCakes118_05badb031ec507a561383f26568535f6

  • Size

    206KB

  • Sample

    250516-vl1a3adk2t

  • MD5

    05badb031ec507a561383f26568535f6

  • SHA1

    8c641f49fb7317250217eba49947cf60d37b25cc

  • SHA256

    2ad4d55d3434a585e2912eb4a98d0bed0e4c4aa0565ddf66a813f41c42e72b88

  • SHA512

    ff860184a3a79cd1691df453edbae31791b867bfca5ceb5043fe0aff04682031121eb4c661a303240ed42699a1e2990fffa3205a3431aef576fbc64dbc994376

  • SSDEEP

    3072:zvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unbCt4444444444444444444X:zvEN2U+T6i5LirrllHy4HUcMQY6TW

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in VisualBasic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks