General

  • Target

    JaffaCakes118_098cc63e3ea73830c6aef831a9c7bebf

  • Size

    206KB

  • Sample

    250526-smjnla1qz3

  • MD5

    098cc63e3ea73830c6aef831a9c7bebf

  • SHA1

    c6bf6b9afa524f915307d70ba6277efe04645d6d

  • SHA256

    69da0f7c0ddcb1b79cd28e3e206aaecdb1df9ccbb7959ef81be9a72f0307f693

  • SHA512

    d19633038a045d0d6782cf6ca9237017e86e9f245b8f245d2b5ce9ffbb85464c5559fb07509af702498f964f4d6a8771dcd7c7af00860bdc422742e156263121

  • SSDEEP

    3072:zvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6und1L:zvEN2U+T6i5LirrllHy4HUcMQY60

Malware Config

Targets

    • Target

      JaffaCakes118_098cc63e3ea73830c6aef831a9c7bebf

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Executes dropped EXE

    • Adds Run key to start application
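The four persistence and evasion signatures above (Winlogon, Active Setup, Run key, Explorer hidden-file settings) all reduce to writes at well-known registry locations. The Python below is an added illustration of how a sandbox maps raw registry events to those signature names and their MITRE ATT&CK technique IDs; it is not code from the report or from the sandbox vendor. The RegSetValue event lines, the executable paths, the all-zero GUID under Installed Components and the rule table are constructed assumptions for the example, not observations recorded for this sample.

```python
"""Map registry writes to the persistence/evasion signatures listed in the report.

Added example, not part of the original report. EVENTS is a constructed,
pipe-separated log (operation|key\\value|data); the paths and names in it are
placeholders and are NOT claims about what this sample actually wrote.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    name: str                          # signature name as it appears in the report
    technique: str                     # MITRE ATT&CK Enterprise technique id
    key_pattern: str                   # regex searched against the key path
    value_pattern: Optional[str] = None  # regex matched against the value name, if it matters


# Assumed rule table for the example: the registry locations each signature refers to.
RULES: List[Rule] = [
    Rule("Modifies WinLogon for persistence", "T1547.004",
         r"\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon$", r"^(Shell|Userinit)$"),
    Rule("Boot or Logon Autostart Execution: Active Setup", "T1547.014",
         r"\\Microsoft\\Active Setup\\Installed Components\\", r"^StubPath$"),
    Rule("Adds Run key to start application", "T1547.001",
         r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$"),
    # Hidden=2 hides hidden files; ShowSuperHidden=0 hides protected OS files.
    Rule("Modifies visibility of hidden/system files in Explorer", "T1564.001",
         r"\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced$",
         r"^(Hidden|ShowSuperHidden|HideFileExt)$"),
]

# Constructed sample events (not from the report). The GUID is a placeholder.
EVENTS = r"""
RegSetValue|HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell|Explorer.exe, C:\dropped\payload.exe
RegSetValue|HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000000-0000-0000-0000-000000000000}\StubPath|C:\dropped\payload.exe
RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater|C:\dropped\payload.exe
RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden|2
RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden|0
RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable|0
RegQueryValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater|
"""

Hit = Tuple[str, str, str, str]  # (signature, technique, key\value, data)


def parse_event(line: str) -> Tuple[str, str, str, str]:
    """Split 'op|key\\value|data' into (op, key, value_name, data)."""
    op, path, data = line.split("|", 2)
    key, _, value = path.rpartition("\\")
    return op, key, value, data


def match_rules(events_text: str) -> List[Hit]:
    """Return every (signature, technique, path, data) triggered by a RegSetValue event."""
    hits: List[Hit] = []
    for line in events_text.splitlines():
        if not line.strip():
            continue
        op, key, value, data = parse_event(line)
        if op != "RegSetValue":        # only writes indicate persistence/evasion
            continue
        for rule in RULES:
            if not re.search(rule.key_pattern, key, re.IGNORECASE):
                continue
            if rule.value_pattern and not re.match(rule.value_pattern, value, re.IGNORECASE):
                continue
            hits.append((rule.name, rule.technique, key + "\\" + value, data))
    return hits


def triggered_signatures(events_text: str) -> List[str]:
    """Distinct signature names, in report order, that fired on the events."""
    fired = {h[0] for h in match_rules(events_text)}
    return [r.name for r in RULES if r.name in fired]


if __name__ == "__main__":
    for sig, tech, path, data in match_rules(EVENTS):
        print(f"[{tech}] {sig}: {path} = {data}")
```

The ProxyEnable write and the RegQueryValue read are included deliberately: the first is a registry write at a location no rule covers, the second is a read of a Run value, and neither should fire. Real sandbox tooling keys off the same locations; the value-name checks matter because, for example, a write to Winlogon that does not touch Shell or Userinit is not the persistence technique the report names.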

MITRE ATT&CK Enterprise v16

Tasks