General

  • Target

    592eace6c03b1d967a68cee2d10ced1e_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240718-1j3lasxfnn

  • MD5

    592eace6c03b1d967a68cee2d10ced1e

  • SHA1

    21f20aaee057bb0dcc0c719477c54d2ff358d9a0

  • SHA256

    b905e8b101b30a7d52bd850df8f20281143cd8a654a0d9b8c98222890f1e073f

  • SHA512

    371ec06813818a8fcad8a71ec199a08c16167cb8d65211dd943307bada94d4bce1e3d89f262ac99e38de477e2460248a2cc55df03ae695a456af267bf9889370

  • SSDEEP

    24576:364MVT73Y6teg4QWlnC75rN8ktup0a/UsCFD2Rc7E0VCyHuFVYSs:364MTjPeg4Nnk5xup0RBFDBE0oyHuFk

Malware Config

Targets

    • Ardamax

      Ardamax is a commercial keylogger that is routinely repackaged and dropped as malware; this sandbox signature dates its first sightings to 2013.

    • Ardamax main executable

    • Checks computer location settings

      Reads the country code from the user's locale settings in the registry (HKCU\Control Panel\International), most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its Wow6432Node and HKCU counterparts) to list installed software, a common way to spot analysis tools or security products before running the payload.

    • Drops file in System32 directory
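
The four file and registry behaviours above leave traces that endpoint telemetry records, so they can be turned into hunting logic. The following is an added example, not part of the sandbox report and not the vendor's rules: it runs detection functions over a handful of constructed Sysmon-style events (EventID 1 ProcessCreate, 7 ImageLoad, 11 FileCreate, 13 RegistryEvent) and maps the hits back onto the signature names used here. The field names follow Sysmon's schema; the process names, paths and the `invoice.exe` / `upd.exe` / `upd.dll` chain are hypothetical.

```python
"""Added example: detection logic for the behaviours listed in this report,
run over constructed Sysmon-style events.  Not telemetry from the analysed
sample and not the sandbox vendor's rules.  Field names follow Sysmon's schema
(EventID, Image, TargetFilename, TargetObject, Details, ImageLoaded); every
path and process name below is hypothetical."""
import re
from typing import Dict, List, Tuple

Event = Dict[str, str]

DROPPER = r"C:\Users\victim\Downloads\invoice.exe"   # hypothetical
DROPPED_EXE = r"C:\Windows\System32\upd\upd.exe"     # hypothetical
DROPPED_DLL = r"C:\Windows\System32\upd\upd.dll"     # hypothetical

# Constructed events in chronological order.  Sysmon EventID 1 = ProcessCreate,
# 7 = ImageLoad, 11 = FileCreate, 13 = RegistryEvent (value set).
EVENTS: List[Event] = [
    {"EventID": "1", "Image": DROPPER, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": "11", "Image": DROPPER, "TargetFilename": DROPPED_EXE},
    {"EventID": "11", "Image": DROPPER, "TargetFilename": DROPPED_DLL},
    {"EventID": "13", "Image": DROPPER,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\upd",
     "Details": DROPPED_EXE},
    {"EventID": "1", "Image": DROPPED_EXE, "ParentImage": DROPPER},
    {"EventID": "7", "Image": DROPPED_EXE, "ImageLoaded": DROPPED_DLL},
    # Benign noise the rules must not flag.
    {"EventID": "11", "Image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "TargetFilename": r"C:\Windows\System32\ntdll.dll"},
    {"EventID": "13", "Image": r"C:\Windows\explorer.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Control Panel\Desktop\Wallpaper",
     "Details": r"C:\Users\victim\Pictures\bg.jpg"},
]

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)
# Processes expected to write into System32; any other writer is suspicious.
TRUSTED_SYSTEM32_WRITERS = {"trustedinstaller.exe", "tiworker.exe", "msiexec.exe"}


def detect_run_key(events: List[Event]) -> List[Tuple[str, str, str]]:
    """'Adds Run key to start application': a value set under Run or RunOnce."""
    return [(e["Image"], e["TargetObject"], e.get("Details", ""))
            for e in events
            if e["EventID"] == "13" and RUN_KEY_RE.search(e.get("TargetObject", ""))]


def detect_system32_drop(events: List[Event]) -> List[Tuple[str, str]]:
    """'Drops file in System32 directory': FileCreate under System32 by an
    image that is not on the allowlist of legitimate system writers."""
    hits = []
    for e in events:
        if e["EventID"] != "11":
            continue
        target = e.get("TargetFilename", "")
        writer = e["Image"].rsplit("\\", 1)[-1].lower()
        if SYSTEM32_RE.match(target) and writer not in TRUSTED_SYSTEM32_WRITERS:
            hits.append((e["Image"], target))
    return hits


def detect_dropped_file_use(events: List[Event]) -> List[Tuple[str, str, str]]:
    """'Executes dropped EXE' / 'Loads dropped DLL': a file created earlier in
    the trace is later started as a process (EventID 1) or mapped as an image
    (EventID 7).  Returns (action, dropper_image, dropped_path) tuples."""
    dropped: Dict[str, str] = {}   # lowercase path -> image that created it
    hits = []
    for e in events:               # relies on chronological ordering
        if e["EventID"] == "11":
            dropped[e["TargetFilename"].lower()] = e["Image"]
        elif e["EventID"] == "1" and e["Image"].lower() in dropped:
            hits.append(("executed", dropped[e["Image"].lower()], e["Image"]))
        elif e["EventID"] == "7" and e.get("ImageLoaded", "").lower() in dropped:
            hits.append(("loaded", dropped[e["ImageLoaded"].lower()], e["ImageLoaded"]))
    return hits


def triage(events: List[Event]) -> Dict[str, int]:
    """Count hits per signature name as used in the report."""
    use = detect_dropped_file_use(events)
    return {
        "Adds Run key to start application": len(detect_run_key(events)),
        "Drops file in System32 directory": len(detect_system32_drop(events)),
        "Executes dropped EXE": sum(1 for a, _, _ in use if a == "executed"),
        "Loads dropped DLL": sum(1 for a, _, _ in use if a == "loaded"),
    }


if __name__ == "__main__":
    for name, count in triage(EVENTS).items():
        print(f"{count} hit(s): {name}")
```

The two remaining signatures, the locale lookup and the Uninstall-key enumeration, are registry reads, and Sysmon only records value writes, key creation/deletion and renames, so they produce no event to match on; they come from the sandbox's API tracing and have to be hunted with API-hooking or ETW-based telemetry instead. The dropped-file correlation also assumes the trace is ordered by time; sort on the event timestamp before feeding it real log data.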

MITRE ATT&CK Enterprise v15

Tasks