General

  • Target

    60342774ed9452c8f03b83cc1a74a3d7_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240720-191vdszcjr

  • MD5

    60342774ed9452c8f03b83cc1a74a3d7

  • SHA1

    8ec9515431187392d94de9310d87d605adfa5da6

  • SHA256

    2561a0d89ca721b8f9efaf3acc6c16332a3fc0a5c98c84babae4dd3f4dc6f7b2

  • SHA512

    ca671649d89e763ae6f060cc1bd693b5befdf7eff831b64476493e922a33903e3a94a6958f5ec1a570b4c4848d83efff280204213f773e1d6d6e2180e40aee28

  • SSDEEP

    24576:AqZwLcSr1BjLuf/2uoCm1J1/XVoOMjBzXAhfJ0tY:jwLxJJqn8GOkqfP

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Identifies Wine through registry keys

      Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.

    • Loads dropped DLL

    • Themida packer

      Detects Themida, an advanced Windows software protection system.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks