General

  • Target

    JaffaCakes118_0dec7a48b63ca681a1dc8c80b2f661d0

  • Size

    274KB

  • Sample

    250605-bsgyhsyzdt

  • MD5

    0dec7a48b63ca681a1dc8c80b2f661d0

  • SHA1

    9db3f1e5c4273123d3969b1a4b18a8f274d1f5b7

  • SHA256

    747802ccf1b6ba72e05ae745c0e1d42ed21c0633e0d112397bae731a8a9e8546

  • SHA512

    7f3e628bf38396405ec15b6a83f8e0551d3abbc52aa9ba8d90e031c8ec187c1ab659226b48964bed81bf48a974f2a3677ab8f977a44e1f16f3425f44db58e121

  • SSDEEP

    3072:7WkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1e3ZCcgmf:7WkWXV9wUezUroW+tCmCCfNG53Zpf

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks