General

  • Target

    JaffaCakes118_064ea463628687cb75ec7dcdf9ede360

  • Size

    260KB

  • Sample

    250517-yd9rbazlx7

  • MD5

    064ea463628687cb75ec7dcdf9ede360

  • SHA1

    58ae1c20bcd61ee909454770e7075da7a3856f20

  • SHA256

    ed404a2a3339249aecb4ef1d2f8a5b2cf2c9a7887aac25f1b98d0a4539c8c88a

  • SHA512

    97818eb170d85451a68f4c6e0c6b335a43e98ffb6c017ad359a80b1da40244a650fc4e87d7fb8a4be4a61ccc56cc06f83bb4a5ef49628ed63856936cfef06cd1

  • SSDEEP

    3072:PWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1V:PWkWXV9wUezUroW+tCmCCfNGa

Malware Config

Targets

    • Target

      JaffaCakes118_064ea463628687cb75ec7dcdf9ede360

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application
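
    The signatures above name artifact classes, not concrete paths, so a host-side check has to audit the locations those techniques touch. The following PowerShell triage script is an added example, not part of the sandbox report or of the sample: it reads the Winlogon Shell/Userinit values, every Active Setup StubPath, the machine and per-user Run/RunOnce keys, and the drivers directory, and, where Sysmon is installed, pulls Event ID 13 registry-write events for the Explorer visibility values and the persistence keys. The registry paths and default values are standard Windows locations; the "suspicious path" pattern is the author's own heuristic, and no Mofksys-specific file names are assumed because the report lists none.

```powershell
# Added triage script, not part of the sandbox report or the Mofksys sample.
# Audits a Windows host for the artifact classes the report lists. Registry
# paths and defaults are standard Windows locations; the suspicious-path
# regex is a heuristic assumption, not a signature from the report.
#Requires -RunAsAdministrator

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding {
    param([string]$Check, [string]$Location, [string]$Value)
    $findings.Add([pscustomobject]@{ Check = $Check; Location = $Location; Value = $Value })
}

# A launch command is treated as suspicious when it points into a user-writable
# location or at a non-.sys executable inside the drivers directory (assumption).
$suspiciousPath = '\\(Users|ProgramData|Temp|AppData|Recycler|\$Recycle\.Bin)\\|\\System32\\drivers\\[^\\]+\.(exe|com|scr|pif|bat|vbs)$'

# 1. Winlogon: Shell defaults to "explorer.exe"; Userinit defaults to
#    "<SystemRoot>\system32\userinit.exe," (the trailing comma is normal).
$wlKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$wl = Get-ItemProperty -Path $wlKey
if ($wl.Shell -and $wl.Shell.Trim() -ine 'explorer.exe') {
    Add-Finding 'Winlogon Shell modified' $wlKey $wl.Shell
}
$userinitDefault = (Join-Path $env:SystemRoot 'system32\userinit.exe') + ','
if ($wl.Userinit -and $wl.Userinit.Trim() -ine $userinitDefault) {
    Add-Finding 'Winlogon Userinit modified' $wlKey $wl.Userinit
}

# 2. Active Setup: each Installed Components\{GUID}\StubPath runs once per
#    user at logon. Flag stubs that launch from a suspicious location.
foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
                  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components') {
    if (-not (Test-Path $root)) { continue }
    foreach ($k in Get-ChildItem $root) {
        $stub = (Get-ItemProperty -Path $k.PSPath).StubPath
        if ($stub -and $stub -match $suspiciousPath) {
            Add-Finding 'Active Setup StubPath' $k.PSPath $stub
        }
    }
}

# 3. Run / RunOnce keys for the machine hive and every loaded user hive.
New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS -ErrorAction SilentlyContinue | Out-Null
$hives = @('HKLM:\SOFTWARE') + (Get-ChildItem HKU:\ |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
    ForEach-Object { "HKU:\$($_.PSChildName)\Software" })
foreach ($h in $hives) {
    foreach ($sub in 'Run', 'RunOnce') {
        $key = "$h\Microsoft\Windows\CurrentVersion\$sub"
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in ($props.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }).Name) {
            $cmd = [string]$props.$name
            if ($cmd -match $suspiciousPath) { Add-Finding "$sub entry '$name'" $key $cmd }
        }
    }
}

# 4. Drivers directory: anything executable that is not a .sys driver.
$driversDir = Join-Path $env:SystemRoot 'System32\drivers'
Get-ChildItem -Path "$driversDir\*" -File -Include *.exe, *.com, *.scr, *.pif, *.bat, *.vbs |
    ForEach-Object { Add-Finding 'Non-driver executable in drivers dir' $_.FullName $_.LastWriteTime.ToString('u') }

# 5. Sysmon Event ID 13 (registry value set): which process wrote the Explorer
#    visibility values or the persistence keys above. Hidden=2 and
#    ShowSuperHidden=0 are also the Windows defaults, so the write event,
#    not the current value, is the evidence of tampering.
$watched = '\\Explorer\\Advanced\\(Hidden|ShowSuperHidden|HideFileExt)$|\\Winlogon\\(Shell|Userinit)$|\\Installed Components\\[^\\]+\\StubPath$|\\CurrentVersion\\Run(Once)?\\'
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 13 } -ErrorAction SilentlyContinue
foreach ($e in $events) {
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($data.TargetObject -match $watched) {
        Add-Finding "Sysmon: value set by $($data.Image)" $data.TargetObject $data.Details
    }
}

$findings | Format-Table -AutoSize -Wrap
```

    Run it from an elevated PowerShell on the suspect host or on a mounted triage image with the hive paths adjusted. An empty findings table is not proof of a clean machine: Winlogon and Active Setup are read directly, but the Explorer visibility check depends on Sysmon being present, and the path heuristic will miss a dropper that persists from a location the regex does not cover.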

MITRE ATT&CK Enterprise v16

Tasks