General

  • Target

    JaffaCakes118_08f17c7d057b819731120e8530f340aa

  • Size

    184KB

  • Sample

    250525-g2819azyfs

  • MD5

    08f17c7d057b819731120e8530f340aa

  • SHA1

    2e687a1d028659cf315bb6931dd6368a2c679863

  • SHA256

    d6a3b0af95871a3d107cab909fd7c148e760236a22cb96aa6f2acd9357925fc7

  • SHA512

    f22614d4e7717ee864b19b5f7d86bb76c26486a1d9fca74d77e5e4afeae6352be3816654a9d3434f4b8106f1c099e8d5128843d7cd773f0bda48c3382dd7c389

  • SSDEEP

    3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW11:GWkWXV9wUezUroW+tCmCCfNGY

Malware Config

Targets

    • Target

      JaffaCakes118_08f17c7d057b819731120e8530f340aa

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks