General

  • Target

    5da4d140536879753010c79159a89d6d_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240719-zsrpqazbkq

  • MD5

    5da4d140536879753010c79159a89d6d

  • SHA1

    fa387147d822cc4553d23e976ebd4807c87624f2

  • SHA256

    3774fd88aa94d28831d3d9c4db9aaceea01e17c0b7dc6a5a734c04e56b49a822

  • SHA512

    c7fe83dfa8df82997ca71ec0aa4f7d22025e06676fb27bca001f3cf6087e85e2d6e530eae253ef1b71ead2350ca1b06b4115a72cc8139a10c2f9d870e043e0aa

  • SSDEEP

    24576:Gk/ATz9a6aMDNhow1D9uhlF8KULRwHX7iXQl6QCScld:XoTz9aVwJ9uhr8AHX1EQC

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
