General

  • Target

    77c3a99c1f481952191e5be167f30652_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240727-l1e41avgrd

  • MD5

    77c3a99c1f481952191e5be167f30652

  • SHA1

    f1f2967b85221f4ed643dd0b717ef4d7318f01f5

  • SHA256

    0cf0fb26fd8b180f820618ffefb27ee77ccafad08a1fcd8f7920e23b11dc17f3

  • SHA512

    62fae59789dddcbb90bbe66a93725ef577b1eab3307cb0e3318009ffeb35586e01bb7095186393a268803bbd937217c72f93033c424a1b73f77236d582a9bdf7

  • SSDEEP

    24576:NVaUTOpqR2M9sqRE5FaY7q5K2YfEynMBF4pmoosceeXiNTi/1rHFmm7A:NVrTOYXEzaY7qY2YfEynoF4Ide/NTix

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks