General

  • Target

    66b880f149c807971f8b49a866f10772_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240723-jnterawckk

  • MD5

    66b880f149c807971f8b49a866f10772

  • SHA1

    500a8ee8bf2394029ec7273a0a403dfe40b8cea9

  • SHA256

    09b25a8a66982e765f38e4db14dbc989bb5063e3faf1f058753cd56d4de7e669

  • SHA512

    698954071c00135b9f9fbb67d7f7fd7fc8235a4e143b5250aed7c4f4da00091fce411cf814a080850f1a79f96e6696419cf49bb52833b67b0035e3b17085e35c

  • SSDEEP

    24576:HZxTE1qnN2N6nJAK5EqIImgROciQY1gaqOvJmJZPoM:HXTWaNs2J3Eqpj0QYDjvg8

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks