General

  • Target

    5af3c46193e645b0b8cf9ea57b92ee67_JaffaCakes118

  • Size

    2.7MB

  • Sample

    240719-h4wz5ssbmh

  • MD5

    5af3c46193e645b0b8cf9ea57b92ee67

  • SHA1

    00330e57d144b44912389d751a1d4e4a5ac66d64

  • SHA256

    d01423709d2637ecc6927d64fb9f80036ab40a354d2cc36f6ed5f4f6ffe4ebe0

  • SHA512

    5857fbc9337789bd80c507c7808873733f9dd75f0bf698f7c3cdc65d82e31addbc7294f4d5d39df579a8ad1085f3c1fd744231b878f99454c1ba68b961643b92

  • SSDEEP

    49152:dYbDbkUopsyyi6jSLTjtnMhGcYuhsLpmsjnHXPMgDXc2mB95CDv/nl25c17WO0CQ:IbXopsyRvRaYu+jT0mc2mB+DkG3VO

Malware Config

Targets

    • Target

      5af3c46193e645b0b8cf9ea57b92ee67_JaffaCakes118

    • Size

      2.7MB

    • MD5

      5af3c46193e645b0b8cf9ea57b92ee67

    • SHA1

      00330e57d144b44912389d751a1d4e4a5ac66d64

    • SHA256

      d01423709d2637ecc6927d64fb9f80036ab40a354d2cc36f6ed5f4f6ffe4ebe0

    • SHA512

      5857fbc9337789bd80c507c7808873733f9dd75f0bf698f7c3cdc65d82e31addbc7294f4d5d39df579a8ad1085f3c1fd744231b878f99454c1ba68b961643b92

    • SSDEEP

      49152:dYbDbkUopsyyi6jSLTjtnMhGcYuhsLpmsjnHXPMgDXc2mB95CDv/nl25c17WO0CQ:IbXopsyRvRaYu+jT0mc2mB+DkG3VO

    • Ardamax

      A keylogger first seen in 2013.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks