General

  • Target

    56795e24f35888b2c3d1488f2fa48359_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240718-jvxqrashke

  • MD5

    56795e24f35888b2c3d1488f2fa48359

  • SHA1

    098845009b8bf9ae8aecd0fac4d2c44f03901a0c

  • SHA256

    cff9731943e9a8022b996bf370f898a4ccac3b283dd23deab41fb693704ae192

  • SHA512

    1d757c1052d144734e7e17190878894bc2aa8b5c7760587398ff994315608a7d1e56e854e8117154ff573773d877b91a3865a8b414faf7c04de2543e2a7d67c9

  • SSDEEP

    24576:kZxTj7huqkszuD23BWQp/Jpvyfdk/POpxq0v7RxE+HUz284phl:kXTsNsiOZRJN+dQOpUmXBcR

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15