General

  • Target

    JaffaCakes118_0652455f120dddb2e7ca8338919b7fb0

  • Size

    274KB

  • Sample

    250517-zahn4afn51

  • MD5

    0652455f120dddb2e7ca8338919b7fb0

  • SHA1

    038c1e2bc8b47e54873df56f144c5d7b6d59d5e8

  • SHA256

    2ad4436ef692a4088bebb1fbf9d4b220d82730a1d47ef79b130dbee674d7cd25

  • SHA512

    4bac91296aeefe2691223253aef0832e9d07d31ee2798c49c9d4efdf773c11d4e47d762b1eaf3957ec17032b39be4f47f33f411f0c1d27ca43c406aaf860a829

  • SSDEEP

    3072:7WkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1e3ZCcgmG:7WkWXV9wUezUroW+tCmCCfNG53ZpG

Malware Config

Targets

    • Target

      JaffaCakes118_0652455f120dddb2e7ca8338919b7fb0

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine (a subkey under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components whose StubPath value is run once per user at the next logon).

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application
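
A host-side triage script for the behaviours listed above. It is an added example, not part of the sandbox report or of the sample itself, and it assumes only the standard Windows locations for Winlogon, Explorer folder options, Active Setup, Run/RunOnce and the drivers directory. The report does not state the exact values or filenames the sample writes, so the script reports what is present and flags departures from defaults or heuristically odd paths rather than matching the sample. Run it from an elevated PowerShell prompt on the suspect host.

```powershell
# Added triage example (not from the sandbox report or the Mofksys sample).
# Enumerates the persistence and Explorer-setting locations the signatures
# refer to and flags values that differ from Windows defaults or point at
# user-writable / unusual directories. Heuristics are assumptions, not the
# sample's known indicators.

$ErrorActionPreference = 'SilentlyContinue'

function Get-RegValue([string]$Path, [string]$Name) {
    (Get-ItemProperty -Path $Path -Name $Name).$Name
}

function Report([string]$Area, [string]$Detail, [bool]$Suspicious) {
    $flag = if ($Suspicious) { '[!]' } else { '[ ]' }
    Write-Output ("{0} {1}: {2}" -f $flag, $Area, $Detail)
}

# Paths in the user profile, temp or the drivers directory are unusual for
# autostart entries and match the "drops file in Drivers directory" behaviour.
$oddPath = '\\Users\\|\\Temp\\|\\drivers\\'

# 1. Winlogon: Shell and Userinit are the values commonly hijacked for persistence.
$wl       = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell    = Get-RegValue $wl 'Shell'
$userinit = Get-RegValue $wl 'Userinit'
$userinitDefault = '^' + [regex]::Escape("$env:SystemRoot\system32\userinit.exe") + ',?$'
Report 'Winlogon\Shell'    $shell    ($shell -ne 'explorer.exe')
Report 'Winlogon\Userinit' $userinit ($userinit -notmatch $userinitDefault)

# 2. Explorer hidden/system file visibility. Per-user values are reported for
#    comparison with the user's known preference; CheckedValue under SHOWALL
#    defaults to 1 and is what malware changes so that "show hidden files"
#    silently stops working.
$adv    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$hidden = Get-RegValue $adv 'Hidden'            # 1 = show hidden files, 2 = hide them
$super  = Get-RegValue $adv 'ShowSuperHidden'   # 1 = show protected OS files, 0 = hide them
Report 'Explorer\Advanced\Hidden'          $hidden $false
Report 'Explorer\Advanced\ShowSuperHidden' $super  $false
$showall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$checked = Get-RegValue $showall 'CheckedValue'
Report 'SHOWALL\CheckedValue' $checked ($checked -ne 1)

# 3. Active Setup: every Installed Components subkey with a StubPath runs once
#    per user at logon (the ATT&CK technique listed above).
foreach ($root in 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
                  'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components') {
    Get-ChildItem -Path $root | ForEach-Object {
        $stub = (Get-ItemProperty -Path $_.PSPath).StubPath
        if ($stub) {
            $exp = [Environment]::ExpandEnvironmentVariables($stub)
            Report ("ActiveSetup\" + $_.PSChildName) $exp ($exp -match $oddPath)
        }
    }
}

# 4. Run / RunOnce keys in both hives.
foreach ($run in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
                 'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
                 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce') {
    $props = Get-ItemProperty -Path $run
    if ($props) {
        # Skip the PS* provider properties that Get-ItemProperty adds.
        $props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' } | ForEach-Object {
            $exp = [Environment]::ExpandEnvironmentVariables([string]$_.Value)
            Report ($run.Split(':')[0] + " Run\" + $_.Name) $exp ($exp -match $oddPath)
        }
    }
}

# 5. Recent files in the drivers directory. A dropped .exe there is the
#    behaviour in the report; real drivers are .sys and Authenticode-signed.
#    Caveat: catalog-signed files can show as NotSigned here, so treat a flag
#    as a prompt to hash and look the file up, not as a verdict.
$drv = Join-Path $env:SystemRoot 'System32\drivers'
Get-ChildItem -Path $drv -File |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-7) } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        $odd = ($_.Extension -ne '.sys') -or ($sig.Status -ne 'Valid')
        Report ("drivers\" + $_.Name) ("{0} {1}" -f $_.LastWriteTime.ToString('s'), $sig.Status) $odd
    }
```

Lines marked `[!]` are starting points, not confirmations: compare any flagged autostart path and any unsigned or non-.sys file in the drivers directory against the hashes at the top of this report before acting on them.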

MITRE ATT&CK Enterprise v16

Tasks