General

  • Target

    JaffaCakes118_062154ffd8efb7315acdf5877c0e9390

  • Size

    184KB

  • Sample

    250517-nfqq4sek61

  • MD5

    062154ffd8efb7315acdf5877c0e9390

  • SHA1

    e98c17fc934eea57252cc90f8bd712a483ffe873

  • SHA256

    fa2134b2098dd290f563794ce4d1b548b919983e7b3148b1136ccbfc0d6497fd

  • SHA512

    f305aa394faea3a3e5ce69d6d70a12160ea0f0db38736117ce6d22e851001798f598e223dba0cad22718997a84e4a018c4df6135c43b1df2ecf7ea6722e59bfe

  • SSDEEP

    3072:FWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1d:FWkWXV9wUezUroW+tCmCCfNGA

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application

MITRE ATT&CK Enterprise v16

Tasks