General

  • Target

    JaffaCakes118_0881abac7f67d46b2b2b7ae0cfc71e5f

  • Size

    274KB

  • Sample

    250524-cjzyea1scx

  • MD5

    0881abac7f67d46b2b2b7ae0cfc71e5f

  • SHA1

    872147f40ccfb4a12abb1d597853a548049d91c1

  • SHA256

    edf55f98628eb04c294723525b8025bc4acee5de7cc964e7b3b271500b4d5eeb

  • SHA512

    40dd839ea1b47f5ae8cdbfc6045f08ae72a208c727577d59426ade9aaaac2a41ebefcda40ea004a72c9804ac6817c7b708e59b8c9dd8e5e209655eba049d25bd

  • SSDEEP

    3072:UvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unb:UvEN2U+T6i5LirrllHy4HUcMQY6w

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in VisualBasic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks