General
-
Target
JaffaCakes118_08b8f5b22fe4d936df743df6844d11e0
-
Size
206KB
-
Sample
250524-s4m3cav1hs
-
MD5
08b8f5b22fe4d936df743df6844d11e0
-
SHA1
fb93ad8eb9bb3830559d344bd3c30bc45a76a7c0
-
SHA256
07fb5a21f87275498d5ea5237f1b3a3dfcf8936f0c58d61952370d071402eaa3
-
SHA512
be36f9b4882fc59e6e9b7d8f83c2d893449cda4f208589b03e4115cfe167667a02dbfefa5478143418ded1d2b59ee4d35f5415a09252b9c532be23f8508b0aab
-
SSDEEP
3072:zvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unjK:zvEN2U+T6i5LirrllHy4HUcMQY6N
Behavioral task
behavioral1
Sample
JaffaCakes118_08b8f5b22fe4d936df743df6844d11e0.exe
Resource
win10v2004-20250502-en
Behavioral task
behavioral2
Sample
JaffaCakes118_08b8f5b22fe4d936df743df6844d11e0.exe
Resource
win11-20250502-en
Malware Config
Targets
Target
JaffaCakes118_08b8f5b22fe4d936df743df6844d11e0
Score
10/10
-
Detects Mofksys worm
-
Modifies WinLogon for persistence
-
Modifies visibility of hidden/system files in Explorer
-
Mofksys family
-
Boot or Logon Autostart Execution: Active Setup
Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
-
Executes dropped EXE
-
Adds Run key to start application
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution: 3
Active Setup: 1
Registry Run Keys / Startup Folder: 1
Winlogon Helper DLL: 1
Privilege Escalation
Boot or Logon Autostart Execution: 3
Active Setup: 1
Registry Run Keys / Startup Folder: 1
Winlogon Helper DLL: 1
Defense Evasion
Hide Artifacts: 1
Hidden Files and Directories: 1
Modify Registry: 4