General
-
Target
JaffaCakes118_0881abac7f67d46b2b2b7ae0cfc71e5f
-
Size
274KB
-
Sample
250524-cjzyea1scx
-
MD5
0881abac7f67d46b2b2b7ae0cfc71e5f
-
SHA1
872147f40ccfb4a12abb1d597853a548049d91c1
-
SHA256
edf55f98628eb04c294723525b8025bc4acee5de7cc964e7b3b271500b4d5eeb
-
SHA512
40dd839ea1b47f5ae8cdbfc6045f08ae72a208c727577d59426ade9aaaac2a41ebefcda40ea004a72c9804ac6817c7b708e59b8c9dd8e5e209655eba049d25bd
-
SSDEEP
3072:UvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unb:UvEN2U+T6i5LirrllHy4HUcMQY6w
Behavioral task
behavioral1
Sample
JaffaCakes118_0881abac7f67d46b2b2b7ae0cfc71e5f.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
JaffaCakes118_0881abac7f67d46b2b2b7ae0cfc71e5f.exe
Resource
win11-20250508-en
Malware Config
Targets
Target
JaffaCakes118_0881abac7f67d46b2b2b7ae0cfc71e5f
-
Score
10/10
-
Detects Mofksys worm
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
Mofksys family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Privilege Escalation
Boot or Logon Autostart Execution (3)
Active Setup (1)
Registry Run Keys / Startup Folder (1)
Winlogon Helper DLL (1)
Defense Evasion
Hide Artifacts (1)
Hidden Files and Directories (1)
Modify Registry (4)