General

  • Target

    JaffaCakes118_0d6ccd6552055d1c87e2315c5f9123f0

  • Size

    184KB

  • Sample

    250604-ma9flagj4v

  • MD5

    0d6ccd6552055d1c87e2315c5f9123f0

  • SHA1

    dcd03c1460c260865c30d2e315b115d512247a49

  • SHA256

    f5faf5074899bbcda7b75d8ceb73a5e745ce9740f8f3731e9bd2f7cd3e18752f

  • SHA512

    2dc339e08e2636eff0c56a34d50068dbb5c84374f29f6ab67419ccd1ecfe6bfde38a49a9ff4f9808f0196dd9204272c0f120a430c67d96092f381ea66a72e28b

  • SSDEEP

    3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1T:GWkWXV9wUezUroW+tCmCCfNGw

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks