General

  • Target

    7bd8dc324d24c6e97dbbfe4a4bec6faf_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240731-j3qmeazcqb

  • MD5

    7bd8dc324d24c6e97dbbfe4a4bec6faf

  • SHA1

    1fb35cbc43c4dc20833f468f055f99ccd755bd0e

  • SHA256

    871efadf1dee001e6cc1bc8484a9302df96c0e158037a694ef64664c0cae5e53

  • SHA512

    d52d3e48c383f3c36caf55a65f9ffb11952c1fab9dfb39b279e8fd8d8408e5d196f090f7758954986d2a08b7752cfc5044d09edec0d28cd76d6a18bfa7d2bf21

  • SSDEEP

    24576:GHvZT6I0qDjzztIjhUY1QBcoxI6wvhNKZPca3k+5GvG:WBTzPzGjhUYQBcPnm/ov

Malware Config

Targets


    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks