General

Target: JaffaCakes118_09b86de41a19108bed6adf3d883f1c80
Size: 260KB
Sample: 250526-2vhkyawlt9
MD5: 09b86de41a19108bed6adf3d883f1c80
SHA1: 8c14895c693543f1e04b55317da128eca9de28b3
SHA256: eba845bfcc91b71edc8ac9e31ba09278776b6aa5ce5164f97de91ef808cb6ac8
SHA512: 7066ed3da18f1dc08345c136e49d8f833f6e748c42a2aefc075f1ad42a5f55c9cd49cfb34117c63e703ea01d0f4c0eff6bc24310e3c7d8e805d795af3dde5cf5
SSDEEP: 3072:PWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1N:PWkWXV9wUezUroW+tCmCCfNGO
Behavioral tasks

behavioral1: JaffaCakes118_09b86de41a19108bed6adf3d883f1c80.exe on win10v2004-20250502-en
behavioral2: JaffaCakes118_09b86de41a19108bed6adf3d883f1c80.exe on win11-20250502-en
Malware Config

Targets

Target: JaffaCakes118_09b86de41a19108bed6adf3d883f1c80
Score: 10/10

Signatures
- Detects Mofksys worm
- Modifies WinLogon for persistence
- Modifies visibility of hidden/system files in Explorer
- Mofksys family
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Drops file in Drivers directory
- Executes dropped EXE
- Adds Run key to start application
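The signatures above name the registry and file-system locations this sample touches: the Winlogon helper values, Active Setup StubPath entries, Run keys, Explorer's hidden/system-file visibility settings and the Drivers directory. The PowerShell script below is an added triage example, not part of this sandbox report, that enumerates those locations on a suspect host and flags deviations. The Winlogon baseline values, the System32/SysWOW64 allow-pattern for StubPath, and the seven-day window for files in the Drivers directory are assumptions for a default Windows 10/11 install; adjust them to your own gold image.

```powershell
# Added triage example, not part of the sandbox report.
# Run in an elevated PowerShell 5.1+ session on the suspect host (or after
# `reg load` of an offline hive, adjusting the HKLM:/HKCU: paths accordingly).
# Baseline values and thresholds below are assumptions, not report data.

$findings = New-Object System.Collections.Generic.List[string]

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the key or the value is absent.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }
}

# 1. Winlogon helper values (T1547.004). The sample is flagged for modifying
#    WinLogon; compare the live values with an assumed clean baseline.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$baseline = @{
    Shell    = 'explorer.exe'
    Userinit = "$env:SystemRoot\system32\userinit.exe,"
}
foreach ($name in $baseline.Keys) {
    $actual = Get-RegValue -Path $winlogon -Name $name
    if ($actual -ne $baseline[$name]) {
        $findings.Add("Winlogon\$name = '$actual' (expected '$($baseline[$name])')")
    }
}

# 2. Active Setup (T1547.014). Every StubPath runs once per user at logon.
#    Microsoft's own stubs live under System32/SysWOW64; anything else is
#    listed for manual review (some legitimate stubs use bare command names).
$activeSetup = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
Get-ChildItem -Path $activeSetup -ErrorAction SilentlyContinue | ForEach-Object {
    $stub = Get-RegValue -Path $_.PSPath -Name 'StubPath'
    if ($stub -and $stub -notmatch '(?i)\\Windows\\(System32|SysWOW64)\\') {
        $findings.Add("ActiveSetup $($_.PSChildName): StubPath = '$stub'")
    }
}

# 3. Run keys (T1547.001). List every entry; triage by path and signer.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # provider metadata, not autostart entries
        $findings.Add("Run ${key}\$($p.Name) = '$($p.Value)'")
    }
}

# 4. Explorer visibility settings (T1564.001). Hidden=2 and ShowSuperHidden=0
#    hide hidden and protected system files. They are also the Windows
#    defaults, so report them for comparison with the user's known preference
#    rather than treating them as proof of tampering on their own.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
foreach ($name in 'Hidden', 'ShowSuperHidden', 'HideFileExt') {
    $findings.Add("Explorer\Advanced\$name = '$(Get-RegValue -Path $adv -Name $name)'")
}

# 5. Recently written executables in the Drivers directory. Driver packages
#    contain .sys files; a fresh .exe there matches the "Drops file in Drivers
#    directory" signature. The 7-day window is an assumption.
$drivers = Join-Path $env:SystemRoot 'System32\drivers'
Get-ChildItem -Path $drivers -File -Include *.exe -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-7) } |
    ForEach-Object { $findings.Add("Drivers dir recent exe: $($_.FullName) ($($_.LastWriteTime))") }

if ($findings.Count -eq 0) { Write-Output 'No deviations from the assumed baseline.' }
else { $findings | ForEach-Object { Write-Output $_ } }
```

The script only reports; it deliberately does not remove anything, because a Winlogon Shell or Userinit value that has been replaced must be restored to the baseline before the malicious file is deleted, or the next logon will fail. Cross-check any path it lists against the dropped-file list from the sandbox run and against the MD5/SHA256 values in the General section above.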
MITRE ATT&CK Enterprise v16

Persistence
- Boot or Logon Autostart Execution (T1547): 3
  - Active Setup (T1547.014): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1
Privilege Escalation
- Boot or Logon Autostart Execution (T1547): 3
  - Active Setup (T1547.014): 1
  - Registry Run Keys / Startup Folder (T1547.001): 1
  - Winlogon Helper DLL (T1547.004): 1
Defense Evasion
- Hide Artifacts (T1564): 1
  - Hidden Files and Directories (T1564.001): 1
- Modify Registry (T1112): 4