General

  • Target

    JaffaCakes118_09e61eebf834c16a3f472cf218f51c70

  • Size

    184KB

  • Sample

    250527-cjdeeaw1bs

  • MD5

    09e61eebf834c16a3f472cf218f51c70

  • SHA1

    dcc5247182f2dd13156c6f0c7cb667892b2b2f1b

  • SHA256

    9063ac014d4767bac85b1a26921ccb1e195830573163c266aec43f30d7675de9

  • SHA512

    01ed5784dd14d084fc3a0d2c427820344e31acd9da468fdda06108519b7340cb1c692852bc99cd95c479bd25c9aaa8ef8494ccc2412efe978c660cd333949754

  • SSDEEP

    3072:FWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1o:FWkWXV9wUezUroW+tCmCCfNGx

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application
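
    The behaviours listed above map to a handful of well-known registry locations. As an added example (not part of the sandbox report, and not tooling from the sandbox vendor), the PowerShell below audits those locations on a host suspected of running this sample: the Winlogon Shell and Userinit values, Active Setup Installed Components stubs, the Run/RunOnce keys, the Explorer hidden-file settings, and executable files dropped into the Drivers directory. The report names the behaviours but not the concrete values the sample writes, so the default values, the "suspicious path" pattern and the executable-extension list are this example's own assumptions, and the script reports deviations for review rather than asserting infection.

```powershell
# Added example, not part of the sandbox report or of any vendor tooling.
# Audits the standard registry locations behind the behaviours the report
# flags (Winlogon tampering, Active Setup, Run keys, Explorer hidden-file
# visibility, file dropped in Drivers). Defaults, the suspicious-path pattern
# and the extension list are assumptions, since the report does not state
# the concrete values written. Run in an elevated session on the host.

$findings = New-Object System.Collections.Generic.List[string]

# Paths a legitimate autostart entry rarely points at; the drivers directory
# is included because the report notes a file dropped there.
$suspicious = '\\Users\\|\\Temp\\|\\AppData\\|\\ProgramData\\|\\drivers\\'

# 1. Winlogon: Shell and Userinit are the values rewritten to get launched
#    at logon. Defaults (assumed) are explorer.exe and userinit.exe.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$defaults = @{
    Shell    = 'explorer.exe'
    Userinit = "$env:SystemRoot\system32\userinit.exe"
}
$wl = Get-ItemProperty -Path $winlogon
foreach ($name in $defaults.Keys) {
    $actual = [string]$wl.$name
    # Userinit legitimately carries a trailing comma; strip it before comparing.
    if ($actual.TrimEnd(',') -ine $defaults[$name]) {
        $findings.Add("[Winlogon] $name = '$actual' (expected '$($defaults[$name])')")
    }
}

# 2. Active Setup: each Installed Components subkey with a StubPath runs once
#    per user at logon. Flag stubs that point at suspicious locations.
$activeSetup = @(
    'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components'
)
foreach ($root in $activeSetup) {
    if (-not (Test-Path -Path $root)) { continue }
    foreach ($sub in Get-ChildItem -Path $root) {
        $stub = [string]$sub.GetValue('StubPath')
        if ($stub -and ($stub -imatch $suspicious)) {
            $findings.Add("[ActiveSetup] $($sub.PSChildName) StubPath = $stub")
        }
    }
}

# 3. Run / RunOnce keys: list every entry, tag those with suspicious paths.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $k = Get-Item -Path $key
    foreach ($name in $k.GetValueNames()) {
        $cmd = [string]$k.GetValue($name)
        $tag = if ($cmd -imatch $suspicious) { 'SUSPICIOUS' } else { 'info' }
        $findings.Add("[Run/$tag] $key\$name = $cmd")
    }
}

# 4. Explorer visibility. The per-user values are informational (their
#    defaults, Hidden=2 and ShowSuperHidden=0, coincide with what malware
#    sets). The machine-wide SHOWALL CheckedValue is normally 1; 0 turns the
#    "Show hidden files" option into a no-op.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$a = Get-ItemProperty -Path $adv
$findings.Add("[Explorer/info] Hidden=$($a.Hidden) ShowSuperHidden=$($a.ShowSuperHidden)")
$showall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
if (Test-Path -Path $showall) {
    $cv = (Get-ItemProperty -Path $showall).CheckedValue
    if ($cv -ne 1) { $findings.Add("[Explorer] SHOWALL CheckedValue = $cv (expected 1)") }
}

# 5. Executable-type files sitting directly in the Drivers directory.
Get-ChildItem -Path "$env:SystemRoot\System32\drivers" -File |
    Where-Object { $_.Extension -imatch '^\.(exe|dll|scr|bat|cmd|vbs|com)$' } |
    ForEach-Object { $findings.Add("[Drivers] unexpected file: $($_.FullName) ($($_.Length) bytes)") }

$findings | ForEach-Object { Write-Output $_ }
```

    Anything tagged SUSPICIOUS, a Winlogon deviation, or a SHOWALL CheckedValue other than 1 warrants pulling the referenced file and hashing it against the values in the General section above before deciding whether the host is infected.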

MITRE ATT&CK Enterprise v16

Tasks