General

  • Target

    JaffaCakes118_06b5f81d5c22eccf9462f180fed26320

  • Size

    184KB

  • Sample

    250518-p12jsadn8v

  • MD5

    06b5f81d5c22eccf9462f180fed26320

  • SHA1

    7d8366b6ce71463048f3e9602a33dfc01109bed0

  • SHA256

    f9c3541f48b5d468811386e7261053692096af8c095b19505dfe9532495d8f68

  • SHA512

    d174ec640212fcf732e060e6cc6f4e5dadb1010bdfc3f8637e403d442d28b1e412f8673ffed472a3f4459b4d69962e5c49259d204127aeed49139d6d5e9337db

  • SSDEEP

    3072:FWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1a:FWkWXV9wUezUroW+tCmCCfNG9

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks