General

  • Target

    JaffaCakes118_08b8f5b22fe4d936df743df6844d11e0

  • Size

    206KB

  • Sample

    250524-s4m3cav1hs

  • MD5

    08b8f5b22fe4d936df743df6844d11e0

  • SHA1

    fb93ad8eb9bb3830559d344bd3c30bc45a76a7c0

  • SHA256

    07fb5a21f87275498d5ea5237f1b3a3dfcf8936f0c58d61952370d071402eaa3

  • SHA512

    be36f9b4882fc59e6e9b7d8f83c2d893449cda4f208589b03e4115cfe167667a02dbfefa5478143418ded1d2b59ee4d35f5415a09252b9c532be23f8508b0aab

  • SSDEEP

    3072:zvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unjK:zvEN2U+T6i5LirrllHy4HUcMQY6N

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in VisualBasic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16
