General

  • Target

    65df3c385d174f9e211757b25925be30_JaffaCakes118

  • Size

    522KB

  • Sample

    240723-dfnawatekc

  • MD5

    65df3c385d174f9e211757b25925be30

  • SHA1

    9261218e9c7be26305f7b45831d95f152be4e54f

  • SHA256

    14a3df7dce7912f61f40a0b29ee4f82d2a9c369cd9f294916ad317a7a3c4b77b

  • SHA512

    efe3da4609793472d0bc0d96290130b9fa566c9c94bb20082bd4ed0d058ca6cab81306958f1e50329dee4327311ec04e856c29630814a19f796f73d48e8f5a58

  • SSDEEP

    12288:/deqXOJiv3MUFdFWcst1BYrySd88OqFXXaoUjCkf5Vk/I+ZzMg8h:wqXqUjdFM1aryq88OqB4Ckf5VYXFu

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry; this is likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
