General

  • Target

    JaffaCakes118_0a1d6f00dc010d134be073f367903d08

  • Size

    184KB

  • Sample

    250527-gkz21sdq9s

  • MD5

    0a1d6f00dc010d134be073f367903d08

  • SHA1

    b002504890b5f67193752416238a93b98964afc5

  • SHA256

    cfafd2dd49903c7c05dece80688ac79b6e257eac2ba5446edd4d8bf87b332fa3

  • SHA512

    3b4564f5d2a62b7ddbd16403a8b2a40960aa2650cc64cc7015646e25a9a64240c9d22a679cefe34bfcac127e845cbdec60fff2d11972e2ef678de9e8c011da20

  • SSDEEP

    3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1rh:GWkWXV9wUezUroW+tCmCCfNG4h

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in VisualBasic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks