General

  • Target

    7bff3247962bf6bad293b776b822dac1_JaffaCakes118

  • Size

    969KB

  • Sample

    240731-k1wajs1hpg

  • MD5

    7bff3247962bf6bad293b776b822dac1

  • SHA1

    3dd7fb9f2423537acda4e5be107e7d1acc2f88fe

  • SHA256

    f469560d109f2f58c97cc591d35b14c03eaae3feaddbaab50a90c8d6f8afc696

  • SHA512

    1ddfb639727000f3a90a3bfc9476b49841d55eb6f5ab24248fa27487bc19d9a3868bc401bfb18b017c71f8da346a66fab3311450989b8dd828efc0e1763a4fd3

  • SSDEEP

    24576:bss1VrAwz/VpKmnp+ds2sDGQ2ugB+fscvwK:bp1ew/TKmenQYaj

Targets

    • Target

      7bff3247962bf6bad293b776b822dac1_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to avoid running in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
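The behaviours above (dropping files into System32, executing a dropped EXE, loading a dropped DLL, and adding a Run key) are what a detection engineer would want to catch on an endpoint. The following is an added example, not part of the sandbox report: it runs simple correlation rules over Sysmon-style events (IDs 1, 7, 11 and 13). The events, the `svchlp` directory and the `svc.exe`/`hook.dll` file names are constructed placeholders, not observed artifacts of this sample. The two registry-read signatures (country code lookup, Uninstall key enumeration) are not visible in Sysmon, which does not log registry reads, so they are outside this example.

```python
"""Detection logic for the behaviours listed in the report, run over
Sysmon-style events. Added example: the events below are constructed, not
taken from the sandbox run, and the paths in them are placeholders."""
import json
import re

# Sysmon event IDs used here.
PROCESS_CREATE, IMAGE_LOAD, FILE_CREATE, REG_VALUE_SET = 1, 7, 11, 13

RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
SYSTEM32 = "c:\\windows\\system32\\"
WINDOWS_DIR = "c:\\windows\\"

# Constructed Sysmon-like events as JSON lines (one event per line).
SAMPLE_EVENTS = r'''
{"EventID": 11, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\7bff3247962bf6bad293b776b822dac1_JaffaCakes118.exe", "TargetFilename": "C:\\Windows\\System32\\svchlp\\svc.exe"}
{"EventID": 11, "Image": "C:\\Users\\victim\\AppData\\Local\\Temp\\7bff3247962bf6bad293b776b822dac1_JaffaCakes118.exe", "TargetFilename": "C:\\Windows\\System32\\svchlp\\hook.dll"}
{"EventID": 1, "Image": "C:\\Windows\\System32\\svchlp\\svc.exe", "ParentImage": "C:\\Users\\victim\\AppData\\Local\\Temp\\7bff3247962bf6bad293b776b822dac1_JaffaCakes118.exe"}
{"EventID": 7, "Image": "C:\\Windows\\System32\\svchlp\\svc.exe", "ImageLoaded": "C:\\Windows\\System32\\svchlp\\hook.dll"}
{"EventID": 13, "Image": "C:\\Windows\\System32\\svchlp\\svc.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\svc", "Details": "C:\\Windows\\System32\\svchlp\\svc.exe"}
{"EventID": 11, "Image": "C:\\Windows\\servicing\\TrustedInstaller.exe", "TargetFilename": "C:\\Windows\\System32\\example.dll"}
{"EventID": 13, "Image": "C:\\Windows\\explorer.exe", "TargetObject": "HKU\\S-1-5-21-1111-2222-3333-1001\\Software\\Microsoft\\Windows\\CurrentVersion\\Explorer\\Advanced\\Hidden", "Details": "DWORD (0x00000001)"}
'''


def parse_events(text):
    """Parse JSON-lines events; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def is_trusted(image, dropped):
    """Crude trust heuristic: anything under C:\\Windows that this trace did
    not itself see being written. A real deployment would check the signer
    or hash instead of the path."""
    p = image.lower()
    return p.startswith(WINDOWS_DIR) and p not in dropped


def analyze(events):
    """Return a list of findings, each {'rule', 'image', 'detail'}."""
    dropped = set()  # lower-cased paths of PE files written by untrusted images
    findings = []

    def hit(rule, image, detail):
        findings.append({"rule": rule, "image": image, "detail": detail})

    for ev in events:
        eid, image = ev["EventID"], ev.get("Image", "")
        if eid == FILE_CREATE:
            target = ev["TargetFilename"]
            if is_trusted(image, dropped):
                continue  # e.g. TrustedInstaller servicing System32
            if target.lower().endswith((".exe", ".dll")):
                dropped.add(target.lower())
            if target.lower().startswith(SYSTEM32):
                hit("drops_file_in_system32", image, target)
        elif eid == PROCESS_CREATE:
            if image.lower() in dropped:
                hit("executes_dropped_exe", ev.get("ParentImage", ""), image)
        elif eid == IMAGE_LOAD:
            loaded = ev["ImageLoaded"]
            if loaded.lower() in dropped:
                hit("loads_dropped_dll", image, loaded)
        elif eid == REG_VALUE_SET:
            key, data = ev["TargetObject"], ev.get("Details", "")
            # Flag Run/RunOnce writes by untrusted images, or any Run value
            # whose data points at a file this trace saw being dropped.
            if RUN_KEY_RE.search(key) and (
                    not is_trusted(image, dropped) or data.lower() in dropped):
                hit("adds_run_key", image, f"{key} = {data}")
    return findings


def summarize(findings):
    """Count findings per rule, e.g. for a one-line verdict."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    results = analyze(parse_events(SAMPLE_EVENTS))
    for f in results:
        print(f"{f['rule']:24} {f['image']}  ->  {f['detail']}")
    print(summarize(results))
```

The dropped-file set is what ties the rules together: a file write by an untrusted process under System32 is a finding on its own, and the same path later showing up as a created process, a loaded image or Run key data turns a single write into a chain of findings. The path-based trust check is the weak point of this toy; in production, key it on Authenticode signer or file hash, because a dropper that lands in a Windows subdirectory before the trace starts would otherwise be treated as trusted.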

MITRE ATT&CK Enterprise v15