General

  • Target

    JaffaCakes118_0dc2b84a4a20eec8f97ac09d8271bce0

  • Size

    260KB

  • Sample

    250604-yl6dvsvsdv

  • MD5

    0dc2b84a4a20eec8f97ac09d8271bce0

  • SHA1

    760f735442170a562c5eef88bbb36c36cb6edc3e

  • SHA256

    2d655751b61a082bd83924dd8ca3e5eed2d35752deadb0bdc2e40bc2772df24c

  • SHA512

    bb47fca50449fa83a18f149adbcb4363537537ea7d3b4ad080b794c2cc023a10e1706d27be5de5c267126f08e34631d4db64b1d838c82ae1b342c2ae2e1865e5

  • SSDEEP

    3072:PWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW14111111111111111111111111i:PWkWXV9wUezUroW+tCmCCfNGi

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks