General

  • Target

    5d257fce2010ab6bf734734d45808ccc_JaffaCakes118

  • Size

    549KB

  • Sample

    240719-w49g5axgja

  • MD5

    5d257fce2010ab6bf734734d45808ccc

  • SHA1

    d4a3e354894dbce4346aa14d072fbb8661608649

  • SHA256

    c73411face15979f5152dc809b026fed0f067ba6c7785ef1acd48aaa2caceaf3

  • SHA512

    ad97aca3e7221a74a7dfb65dd00fd646e945c669689ba85a5268492fdf435174eb060a608d0fa0863881f1661f3b6e3c893123d64886d112d72484a370e61c6d

  • SSDEEP

    12288:NIMZ5hqth+ZdgJdGI8QIfaxILJnratV8ZXDwyp8LEWT4lzR:jPcpJMIoaxUn0SuyPG4H

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks