General

  • Target

    6311be004919e0d2feea4f322dabdddb_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240722-np26haweqp

  • MD5

    6311be004919e0d2feea4f322dabdddb

  • SHA1

    4838b7cd7baa21472e9f4e43285bf48efe09f9c0

  • SHA256

    8b46c8385f55a82752d7c12430899f96d698e0537d7acca8e7af39a958df8a6d

  • SHA512

    8a1d6f1991d5cf5a8ed8863a343858d8844b3e5e1a8e100195c99f6d72593e82afcf77c6b4396f868eca955be84b648399b1249b78099e2a4831b609452d2ef9

  • SSDEEP

    24576:2k/ATkec0kaeEA6QVE/Y5aKdqxGksUAaCISXpLSSqk1:noTkec0kaeEGVWY5mXsUUVXpLSS

Malware Config

Targets

    • Target

      6311be004919e0d2feea4f322dabdddb_JaffaCakes118

    • Size

      1.1MB

    • MD5

      6311be004919e0d2feea4f322dabdddb

    • SHA1

      4838b7cd7baa21472e9f4e43285bf48efe09f9c0

    • SHA256

      8b46c8385f55a82752d7c12430899f96d698e0537d7acca8e7af39a958df8a6d

    • SHA512

      8a1d6f1991d5cf5a8ed8863a343858d8844b3e5e1a8e100195c99f6d72593e82afcf77c6b4396f868eca955be84b648399b1249b78099e2a4831b609452d2ef9

    • SSDEEP

      24576:2k/ATkec0kaeEA6QVE/Y5aKdqxGksUAaCISXpLSSqk1:noTkec0kaeEGVWY5mXsUUVXpLSS

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
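
The signatures above are what the sandbox raised from this sample's trace. As an added example (not part of this report and not the sandbox's own signature engine), the Python below reproduces six of those checks as detection logic over a constructed, Sysmon-style event sequence. Everything in it is an assumption for illustration: the event dictionaries, field names, file paths and the "svcmon" name are invented; the "RegistryRead" event type is hypothetical, because Sysmon does not log registry reads and a sandbox sees those lookups through API hooking; and treating the Control Panel\International\Geo\Nation value as the "computer location" setting is an assumption about what that check looks for. The Run/RunOnce and Uninstall keys are the standard Windows locations.

```python
"""Sandbox-style signatures as detection logic over host events (added example)."""
import re

# Registry and file-system paths behind the report's signatures.
# Run/RunOnce and Uninstall are standard; Geo\Nation is an assumed location key.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)


def match_signatures(events):
    """Return the set of signature names triggered by an ordered event sequence.

    The check is stateful: an EXE or DLL only counts as "dropped" if an earlier
    FileCreate in the same trace wrote it, which is why event order matters.
    """
    hits = set()
    dropped = set()  # lower-cased paths written earlier in this trace
    for ev in events:
        kind = ev["EventType"]
        if kind == "FileCreate":  # Sysmon event 11
            path = ev["TargetFilename"]
            dropped.add(path.lower())
            if SYSTEM32_RE.match(path):
                hits.add("Drops file in System32 directory")
        elif kind == "ProcessCreate":  # Sysmon event 1
            if ev["Image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif kind == "ImageLoad":  # Sysmon event 7
            if ev["ImageLoaded"].lower() in dropped:
                hits.add("Loads dropped DLL")
        elif kind == "RegistryValueSet":  # Sysmon event 13
            if RUN_KEY_RE.search(ev["TargetObject"]):
                hits.add("Adds Run key to start application")
        elif kind == "RegistryRead":  # hypothetical: from API hooking, not Sysmon
            target = ev["TargetObject"]
            if GEO_KEY_RE.search(target):
                hits.add("Checks computer location settings")
            elif UNINSTALL_KEY_RE.search(target):
                hits.add("Checks installed software on the system")
    return hits


# Constructed trace of a dropper; names and paths are invented for the example.
SAMPLE_EVENTS = [
    {"EventType": "FileCreate", "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetFilename": r"C:\Windows\System32\svcmon.exe"},
    {"EventType": "FileCreate", "Image": r"C:\Users\victim\Downloads\sample.exe",
     "TargetFilename": r"C:\Windows\System32\svcmon.dll"},
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\svcmon.exe",
     "ParentImage": r"C:\Users\victim\Downloads\sample.exe"},
    {"EventType": "ImageLoad", "Image": r"C:\Windows\System32\svcmon.exe",
     "ImageLoaded": r"C:\Windows\System32\SVCMON.DLL"},  # case differs on purpose
    {"EventType": "RegistryValueSet", "Image": r"C:\Windows\System32\svcmon.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\svcmon"},
    {"EventType": "RegistryRead", "Image": r"C:\Windows\System32\svcmon.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Control Panel\International\Geo\Nation"},
    {"EventType": "RegistryRead", "Image": r"C:\Windows\System32\svcmon.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp"},
]

# Constructed benign activity: an installer writing to its own directory, an
# unrelated process start, and a user-level registry write outside autorun keys.
BENIGN_EVENTS = [
    {"EventType": "FileCreate", "Image": r"C:\Users\victim\setup.exe",
     "TargetFilename": r"C:\Program Files\Tool\tool.exe"},
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventType": "RegistryValueSet", "Image": r"C:\Users\victim\setup.exe",
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Tool\InstallDir"},
]

if __name__ == "__main__":
    for name in sorted(match_signatures(SAMPLE_EVENTS)):
        print("hit:", name)
    print("benign hits:", sorted(match_signatures(BENIGN_EVENTS)))
```

Note the limits of these checks as written: a legitimate installer that runs what it unpacks also trips "Executes dropped EXE", and the Uninstall enumeration is something many benign updaters do, so these are triage signals to weigh together, not verdicts on their own.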

MITRE ATT&CK Enterprise v15

Tasks