General

  • Target

    77813515592c8eee78e0ae6ec8409a99_JaffaCakes118

  • Size

    494KB

  • Sample

    240727-j69vfswfjj

  • MD5

    77813515592c8eee78e0ae6ec8409a99

  • SHA1

    fac10c8334e8fe976b995ca518c6699a3aa216ff

  • SHA256

    4374cfe4667846d44ae21aabfd03d73edd427ddc02bbdfc478dbca33867a46aa

  • SHA512

    20b5a6ab846fe6974dec40f49b5c1512441ac32294e7a988ca8e6016782712ed7a4161bd98b740a2afbe91336373f0e77d9f68d115598971a7d645c4009e4df8

  • SSDEEP

    12288:gGAzlGPNiFblmSCYmeWWlK7F8uhJ6KBZwZeRESxqaW:mRJFFlY7oKcEWP

Malware Config

Targets

    • Target

      77813515592c8eee78e0ae6ec8409a99_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks