General

  • Target

    7bbd3209c2f9a006240ad39c6ff4a9fb_JaffaCakes118

  • Size

    12.4MB

  • Sample

    240731-jdtyjatejn

  • MD5

    7bbd3209c2f9a006240ad39c6ff4a9fb

  • SHA1

    b14a2d50e9370b154ae567a2c65594da3478f2e8

  • SHA256

    f16d04400634da3e1c941d20b2a3a96cd4ccfcc45616f511b31c71461523c04c

  • SHA512

    a8928cabaeb0abf24e9d7ca0a2874c1a1f6961b17ba2ddf8c2e8805a683d0c287f84e1ec7095293de72057477717ae9f60c47cd3bb885f3ff4f4aaac5bd72e4b

  • SSDEEP

    393216:nP3tC2xkHI0cvuFYT3SiiOiadZsz3KubT:nCo5uYLkMmGubT

Malware Config

Targets

    • Target

      7bbd3209c2f9a006240ad39c6ff4a9fb_JaffaCakes118

    • Size

      12.4MB

    • MD5

      7bbd3209c2f9a006240ad39c6ff4a9fb

    • SHA1

      b14a2d50e9370b154ae567a2c65594da3478f2e8

    • SHA256

      f16d04400634da3e1c941d20b2a3a96cd4ccfcc45616f511b31c71461523c04c

    • SHA512

      a8928cabaeb0abf24e9d7ca0a2874c1a1f6961b17ba2ddf8c2e8805a683d0c287f84e1ec7095293de72057477717ae9f60c47cd3bb885f3ff4f4aaac5bd72e4b

    • SSDEEP

      393216:nP3tC2xkHI0cvuFYT3SiiOiadZsz3KubT:nCo5uYLkMmGubT

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks