General

  • Target

    JaffaCakes118_09b610b8aab4fae2e23b71c13b56bfc0

  • Size

    184KB

  • Sample

    250526-2kk83svtfx

  • MD5

    09b610b8aab4fae2e23b71c13b56bfc0

  • SHA1

    f56c095a7e5ccba34bfdf7f66825242d06cb9794

  • SHA256

    ba0418ebef342d94c233933ded4319b146fedc76ecc5509036c1a5c33c02c810

  • SHA512

    302a3121cb0f1c1eaed69021d355dd2178be4564be7e4e106278fa5acd9bed5121f91c0598461019d61e31629e78e7de9bf53fe8df6493bbe50e6f0a4ffcf75b

  • SSDEEP

    3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1I9:GWkWXV9wUezUroW+tCmCCfNGh9

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks