General

  • Target

    61c7407f12837bb4ea4c2de526f7364d_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240721-23j4qssajr

  • MD5

    61c7407f12837bb4ea4c2de526f7364d

  • SHA1

    59a0a43e43c9d9e814b03ef5a0126577dccb8dbd

  • SHA256

    4f0d2ffbc946083e38333012faa1132ff7f2479760819a1d5a05bd80777e50fc

  • SHA512

    838bf7bfa17e5125980d067724330cb73aae41ed07bc46ca107898daa7e1ecbc18b2d5d51f2de412a765068c07ccee138d37785634cf0e478ae863f18cbf4caf

  • SSDEEP

    24576:oU4oT7xcVaXEc/GbylnRj9n6b26FIufDR1cXY3Vw6fASyWV5onrqMLhvV5Ncc0Wz:oULTOSnMylh96b2cIsR6YFzfANWuhruk

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks