General

  • Target

    JaffaCakes118_098a6f76b3b17d1ec23bf954af50a88e

  • Size

    184KB

  • Sample

    250526-r3lmfshm3x

  • MD5

    098a6f76b3b17d1ec23bf954af50a88e

  • SHA1

    7667c67284eefebda727837bbddca4a6bb5f8148

  • SHA256

    d79f49a0c5a08a8685a56c4913450efcf2f468edb17e75cc993a866b67f2c167

  • SHA512

    9a301a6eb2b0173b201ed92c895064558be964f0566d93abea9a436ee8087d96d91efbaf8a1ad682f4de0c0f3650d71b0da31afc9183a4dfcf477022656d17f5

  • SSDEEP

    3072:GWkWRM0We9kVF3GezUroWlBCtCmCdXC1D1NGW1j:GWkWXV9wUezUroW+tCmCCfNGQ

Malware Config

Targets

    • Detects Mofksys worm

    • Modifies WinLogon for persistence

    • Modifies visibility of hidden/system files in Explorer

    • Mofksys

      Mofksys is a worm written in Visual Basic.

    • Mofksys family

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

    • Drops file in Drivers directory

    • Executes dropped EXE

    • Adds Run key to start application
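
    The signatures above all point at a handful of well-known autostart and Explorer-visibility locations. The following script is an added example, not part of this report or of the sample's own code: run it on a suspect host (elevated, so HKLM is readable) and it returns the entries in those locations that deviate from what a stock install looks like. The Winlogon defaults, the list of "user-writable" directory names, and the set of non-driver file extensions it flags are assumptions chosen for illustration; compare the output against a known-good baseline of your own rather than treating every line as malicious.

```powershell
# Added example (not the report's or the sample's code). Audits the registry
# and file-system locations named by the signatures in this report:
# Winlogon, Explorer hidden/system-file visibility, Active Setup, Run keys,
# and the drivers directory. Run elevated. Defaults below are assumptions.

$findings = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Location, [string]$Name, $Data, [string]$Why) {
    $findings.Add([pscustomobject]@{ Location = $Location; Name = $Name; Data = $Data; Why = $Why })
}

function Test-UserWritablePath([string]$Path) {
    # Directories a standard user can write to are where dropped payloads usually live (assumed list).
    $p = [Environment]::ExpandEnvironmentVariables($Path).ToLower()
    return ($p -match '\\(temp|appdata|programdata|users\\public|recycler|\$recycle\.bin)\\')
}

# 1. Winlogon: Shell and Userinit are executed at every interactive logon.
#    A second executable appended here ("explorer.exe,C:\...\x.exe") is a
#    classic VB-worm persistence trick. Expected values are assumed defaults.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$defaults = @{ Shell = 'explorer.exe'; Userinit = "$env:SystemRoot\system32\userinit.exe," }
foreach ($name in $defaults.Keys) {
    $data = (Get-ItemProperty -Path $winlogon -Name $name -ErrorAction SilentlyContinue).$name
    if ($data -and $data.Trim().ToLower() -ne $defaults[$name].ToLower()) {
        Add-Finding $winlogon $name $data 'Winlogon value differs from assumed stock default'
    }
}

# 2. Explorer visibility. Per-user Hidden (2 = hide) and ShowSuperHidden (0 = hide
#    protected OS files) control the current view; HKLM SHOWALL\CheckedValue
#    (default 1) is what Folder Options writes, so 0 there stops the user from
#    re-enabling "Show hidden files" at all.
$adv  = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$view = Get-ItemProperty -Path $adv -ErrorAction SilentlyContinue
Add-Finding $adv 'Hidden/ShowSuperHidden' "$($view.Hidden)/$($view.ShowSuperHidden)" `
    'Current Explorer view state (2/0 means hidden and protected files are invisible)'
$showall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
$cv = (Get-ItemProperty -Path $showall -Name CheckedValue -ErrorAction SilentlyContinue).CheckedValue
if ($null -ne $cv -and $cv -ne 1) {
    Add-Finding $showall 'CheckedValue' $cv 'Folder Options tampered: user cannot re-enable hidden files'
}

# 3. Active Setup: each subkey's StubPath runs once per user at logon, an
#    autostart that many baselines ignore. Flag stubs whose executable lives
#    outside Windows / Program Files or in a user-writable directory.
$asKey = 'HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components'
Get-ChildItem -Path $asKey -ErrorAction SilentlyContinue | ForEach-Object {
    $stub = (Get-ItemProperty -Path $_.PSPath -Name StubPath -ErrorAction SilentlyContinue).StubPath
    if ($stub -and $stub -match '(?i)^"?([a-z]:\\[^",]+?\.exe)') {
        $exe = $Matches[1]
        if ((Test-UserWritablePath $exe) -or ($exe -notmatch '(?i)^[a-z]:\\(windows|program files)')) {
            Add-Finding $_.PSPath 'StubPath' $stub 'Active Setup stub points outside system directories'
        }
    }
}

# 4. Run / RunOnce keys (machine and current user). Flag entries that point into
#    user-writable directories or into the drivers directory.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($k in $runKeys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
        $val = [string]$prop.Value
        if ((Test-UserWritablePath $val) -or ($val -match '(?i)\\drivers\\')) {
            Add-Finding $k $prop.Name $val 'Run entry points into a user-writable or drivers directory'
        }
    }
}

# 5. Drivers directory should hold .sys files; a dropped executable there is
#    out of place. Extension list is an assumption.
$drivers = Join-Path $env:SystemRoot 'System32\drivers'
Get-ChildItem -Path $drivers -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension.ToLower() -in '.exe', '.scr', '.pif', '.com', '.bat', '.cmd', '.vbs' } |
    ForEach-Object { Add-Finding $drivers $_.Name $_.CreationTime 'Non-driver executable in drivers directory' }

$findings | Format-Table -AutoSize -Wrap
```

    The Explorer view state is always reported once rather than flagged, because `Hidden = 2` is also the out-of-box default; what matters for a Mofksys-style infection is a change from the user's own setting, plus `CheckedValue` being forced to 0 so the setting cannot be restored through Folder Options.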

MITRE ATT&CK Enterprise v16

Tasks