General

  • Target

    JaffaCakes118_09844ac258741362ad829667e0c4d387

  • Size

    184KB

  • Sample

    250526-qvnleazpy3

  • MD5

    09844ac258741362ad829667e0c4d387

  • SHA1

    1ec64d75bfa262fa31f97a8aa870112f26461fa9

  • SHA256

    28e735944c695ed3413cf5b2ccf8bb29c8d776bf41a86b07afc7d86fcd682b5a

  • SHA512

    27744ad4427ba7dc6da3619be6cd73874379a2e2193f94a76a51f287be78eed935f55ab01a515e7bd8a0d9e26caae9bfe9d7be115e20257cad77aac6dbacc659

  • SSDEEP

    3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1C:GWkWXV9wUezUroW+tCmCCfNGD

Malware Config

Targets

    • Target

      JaffaCakes118_09844ac258741362ad829667e0c4d387

    • Size

      184KB

    • MD5

      09844ac258741362ad829667e0c4d387

    • SHA1

      1ec64d75bfa262fa31f97a8aa870112f26461fa9

    • SHA256

      28e735944c695ed3413cf5b2ccf8bb29c8d776bf41a86b07afc7d86fcd682b5a

    • SHA512

      27744ad4427ba7dc6da3619be6cd73874379a2e2193f94a76a51f287be78eed935f55ab01a515e7bd8a0d9e26caae9bfe9d7be115e20257cad77aac6dbacc659

    • SSDEEP

      3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1C:GWkWXV9wUezUroW+tCmCCfNGD

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine. The command in a component's StubPath value under HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\<GUID> is run at the next user logon, so a dropped binary placed there survives reboots without appearing in the usual Run keys.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application
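The behaviours listed above (Winlogon and Active Setup changes, a Run key, a file dropped in the Drivers directory, and hidden/system files hidden in Explorer) all leave traces in the registry that can be triaged from a `reg export` of the affected hives. The script below is an added example, not part of this sandbox report and not the sample's own indicators: the embedded .reg text is constructed, and `example_dropped.exe`, the `ExampleAutorun` value name and the placeholder GUID are made up to illustrate the pattern. It flags deviations from clean-install Winlogon defaults, every Active Setup StubPath, every Run entry, the Explorer visibility settings, and then correlates which autostart entries point into `System32\drivers`, a directory that normally holds kernel drivers rather than user-mode executables run at logon.

```python
"""Offline triage of a Windows .reg export for the autostart and Explorer-visibility
changes listed in the report above. Runs anywhere Python runs; no live registry needed."""
import re

# Registry locations checked; key paths are compared case-insensitively.
WINLOGON_KEY = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon"
# Clean-install values (lower-cased); anything else chains a process into logon.
WINLOGON_DEFAULTS = {"Shell": "explorer.exe", "Userinit": "c:\\windows\\system32\\userinit.exe,"}
ACTIVE_SETUP_PREFIX = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components\\"
RUN_KEY_SUFFIX = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"  # matches HKLM and HKCU
ADVANCED_SUFFIX = "\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced"
SHOWALL_SUFFIX = "\\Explorer\\Advanced\\Folder\\Hidden\\SHOWALL"
DRIVERS_DIR = "\\system32\\drivers\\"

_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')  # "name"=data

# Constructed sample export. File name, value name and GUID are placeholders,
# not indicators from the analysed sample.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\Windows\\System32\\drivers\\example_dropped.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-EXAMPLE-0000-0000-000000000000}]
"StubPath"="C:\\Windows\\System32\\drivers\\example_dropped.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleAutorun"="C:\\Windows\\System32\\drivers\\example_dropped.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000002
"ShowSuperHidden"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000000
'''


def parse_reg(text):
    """Parse a .reg export into {key_path: {value_name: value}}.
    Handles REG_SZ ("...") and REG_DWORD (dword:xxxxxxxx); other types are kept as raw text."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if current is None or not m:
            continue
        name, data = m.group(1), m.group(2).strip()
        if data.startswith('"') and data.endswith('"'):
            value = re.sub(r"\\(.)", r"\1", data[1:-1])  # .reg escapes \ and " with a backslash
        elif data.lower().startswith("dword:"):
            value = int(data[6:], 16)
        else:
            value = data
        keys[current][name] = value
    return keys


def triage(text):
    """Return a list of (category, key, value_name, value) findings from a .reg export."""
    findings = []
    for key, values in parse_reg(text).items():
        k = key.lower()
        if k == WINLOGON_KEY.lower():
            for name, default in WINLOGON_DEFAULTS.items():
                val = values.get(name)
                if isinstance(val, str) and val.strip().lower() != default:
                    findings.append(("winlogon", key, name, val))
        elif k.startswith(ACTIVE_SETUP_PREFIX.lower()) and "StubPath" in values:
            # Clean builds ship several legitimate StubPaths: diff against a known-good baseline.
            findings.append(("active_setup", key, "StubPath", values["StubPath"]))
        elif k.endswith(RUN_KEY_SUFFIX.lower()):
            for name, val in values.items():
                findings.append(("run_key", key, name, val))
        elif k.endswith(ADVANCED_SUFFIX.lower()):
            # Hidden=2 and ShowSuperHidden=0 are also the out-of-box defaults; they are evidence
            # only when the sample wrote them (sandbox registry diff) or SHOWALL is tampered too.
            if values.get("Hidden") == 2:            # 2 = do not show hidden files, 1 = show
                findings.append(("hide_hidden_files", key, "Hidden", 2))
            if values.get("ShowSuperHidden") == 0:   # 0 = hide protected operating system files
                findings.append(("hide_system_files", key, "ShowSuperHidden", 0))
        elif k.endswith(SHOWALL_SUFFIX.lower()):
            # CheckedValue defaults to 1; worms change it so the "show hidden files" option no longer sticks.
            if values.get("CheckedValue") not in (None, 1):
                findings.append(("break_showall_option", key, "CheckedValue", values["CheckedValue"]))
    return findings


def drivers_dir_autostarts(findings):
    """Distinct autostart commands that reference System32\\drivers, sorted for stable output."""
    return sorted({f[3] for f in findings
                   if f[0] in ("winlogon", "active_setup", "run_key")
                   and isinstance(f[3], str) and DRIVERS_DIR in f[3].lower()})


if __name__ == "__main__":
    found = triage(SAMPLE_REG)
    for category, key, name, value in found:
        print(f"{category:22} {key}\\{name} = {value!r}")
    print("Autostart commands pointing into drivers dir:", drivers_dir_autostarts(found))
```

On a real host, produce the input with `reg export HKLM\SOFTWARE\Microsoft hklm.reg` (and the HKCU equivalent for every loaded profile), or point the parser at a sandbox's registry diff; the Active Setup and Run checks list everything present, so they are meant to be compared against an export from a clean build of the same Windows version rather than read as verdicts.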

MITRE ATT&CK Enterprise v16

Tasks