General

  • Target

    JaffaCakes118_053aef0149ed621625b006a0142f0fd0

  • Size

    184KB

  • Sample

    250516-ek259sgm3w

  • MD5

    053aef0149ed621625b006a0142f0fd0

  • SHA1

    31363bec5929699a9db99702d167a0df38af4aa2

  • SHA256

    e44afaf3830f9343ab11d121d54b27a47adb3ffc7d88dbd567a24d64af941f44

  • SHA512

    6374607a79012fe002c6ab1b3af395496e8cf6e3d873bbd0c9a516afdb0356829e15893feb34cdf5d139386121bdc229e4b9e17834d75aa59fd5bf802d1c097e

  • SSDEEP

    3072:FWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1+:FWkWXV9wUezUroW+tCmCCfNG7

Malware Config

Targets

    • Target

      JaffaCakes118_053aef0149ed621625b006a0142f0fd0

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16
