General
-
Target
e3c672e80f94ae85831acf7ab311fbc9_JaffaCakes118
-
Size
1.6MB
-
Sample
240407-b3zlbahe6w
-
MD5
e3c672e80f94ae85831acf7ab311fbc9
-
SHA1
d19f5ad650830283693e82c6c66a3c6935abb214
-
SHA256
98de622142d6f8c1f99bb6f6fb89286e35406f6739f35c0c53b0a5b9c3f5ca94
-
SHA512
63278480397eb0fc9ffa076244a65f266a2af405892203e6ce9c58ba5adb645dd66f7de22bdf753ab736fb0d7d203ac310a0f965c3e8c4543c5590c3afe00637
-
SSDEEP
24576:zMR2IoM3NBQxlR3O7bC8P5Ndx9dyZueQLMpZCFcxvqSC/MrNajt0D347sEbmucnB:Af9BQyBHdUu9LsZC6xvayGU4ARIIliM
Malware Config
Targets
-
-
Target
e3c672e80f94ae85831acf7ab311fbc9_JaffaCakes118
-
Size
1.6MB
-
MD5
e3c672e80f94ae85831acf7ab311fbc9
-
SHA1
d19f5ad650830283693e82c6c66a3c6935abb214
-
SHA256
98de622142d6f8c1f99bb6f6fb89286e35406f6739f35c0c53b0a5b9c3f5ca94
-
SHA512
63278480397eb0fc9ffa076244a65f266a2af405892203e6ce9c58ba5adb645dd66f7de22bdf753ab736fb0d7d203ac310a0f965c3e8c4543c5590c3afe00637
-
SSDEEP
24576:zMR2IoM3NBQxlR3O7bC8P5Ndx9dyZueQLMpZCFcxvqSC/MrNajt0D347sEbmucnB:Af9BQyBHdUu9LsZC6xvayGU4ARIIliM
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Modifies firewall policy service
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Create or Modify System Process
1Windows Service
1