General

  • Target

    JaffaCakes118_0df8575260fc5013f6bdf41cf5ba0f4d

  • Size

    206KB

  • Sample

    250605-c26hxahm5t

  • MD5

    0df8575260fc5013f6bdf41cf5ba0f4d

  • SHA1

    7c25054f47e8507241a29376adbf94acd254bead

  • SHA256

    aa04e6b355b434354f65050693937d52f96b52fc8e998909592b489094f36f8f

  • SHA512

    55d227f40953f80812bf76de00a4d5baeb88ec23cdfdba9390c0b1e79cca9518df7ca8c849cf5881fe49fafa17f1fa741a3d43d508a0022f5b17a12bd055b5a0

  • SSDEEP

    3072:bbluj2AgK1S4lQ/qml80FqCKmgTRHGvcqRI0NU/iYyAt:bbl5RKgOGqml80FrgTRHGvJI08iYn

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks