General

  • Target

    JaffaCakes118_09b86de41a19108bed6adf3d883f1c80

  • Size

    260KB

  • Sample

    250526-2vhkyawlt9

  • MD5

    09b86de41a19108bed6adf3d883f1c80

  • SHA1

    8c14895c693543f1e04b55317da128eca9de28b3

  • SHA256

    eba845bfcc91b71edc8ac9e31ba09278776b6aa5ce5164f97de91ef808cb6ac8

  • SHA512

    7066ed3da18f1dc08345c136e49d8f833f6e748c42a2aefc075f1ad42a5f55c9cd49cfb34117c63e703ea01d0f4c0eff6bc24310e3c7d8e805d795af3dde5cf5

  • SSDEEP

    3072:PWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1N:PWkWXV9wUezUroW+tCmCCfNGO

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in VisualBasic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks