General

  • Target

    JaffaCakes118_09773348bb74ec666d72643547bed001

  • Size

    206KB

  • Sample

    250526-mzw7kayly3

  • MD5

    09773348bb74ec666d72643547bed001

  • SHA1

    4910906de65b0aa7c05ec7e0e9625d8b99d72a09

  • SHA256

    3676de9bae7ff93285caf0326f1b0b655ddf5a123307cab03293a8288cbd1881

  • SHA512

    a59f173d014daf02cc82e181d4cee9393fc8977b36a2dfed2914ef00b495b3e3504007107cd6ad93e22ed15c56716138557d1c79d702fcdea6044dedbdb40dad

  • SSDEEP

    3072:bbluj2AgK1S4lQ/qml80FqCKmgTRHGvcqRI0NU/iYyA4svvvvvvvvvvvvvvvvvvj:bbl5RKgOGqml80FrgTRHGvJI08iYP

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks