General

  • Target

    JaffaCakes118_061e453d8d29fbb864e3ea7adb00d610

  • Size

    611KB

  • Sample

    250517-mz62rsej3v

  • MD5

    061e453d8d29fbb864e3ea7adb00d610

  • SHA1

    b15810295a38bb3140d702c44e5b991782aefec2

  • SHA256

    4ecb521344b59551eff12a4d30e6cc95bbc91ed9a850f8e95f78832f9f666d09

  • SHA512

    1154668fae0b40069731ddd5a947dbeaa7d07ab59b408cfb552f269c647972b01e764796a8a321bb08150709952c467451b9be924055bc75b5da0f7f03c6466d

  • SSDEEP

    12288:xeghj4TGsJnHRsUHVxoo6UrG4go0P2Odwy0rqgqjpFWsR:xd0GWn2UHVCocPpi/OpcsR

Malware Config

Targets

    • Target

      JaffaCakes118_061e453d8d29fbb864e3ea7adb00d610

    • Detects Mofksys worm

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks