General

  • Target

    7c6b964a64bc3b10c0742e91a532956a_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240731-pr17natbkq

  • MD5

    7c6b964a64bc3b10c0742e91a532956a

  • SHA1

    2aec930840313fc212c67f5e273a8994750d1621

  • SHA256

    053c841416a4b01de15f3fed10e02b2255b565655bac90c704f3ab7eae386f59

  • SHA512

    e774d844d722b0239b202bc048b48ddb611bf288389999d09c4838fc84e84046a061c1d0b70e4c47d2744ba9ac7a172caef606087b235030354e72dd9602adc9

  • SSDEEP

    24576:BZxTi3uWFLEIjnCWtB6q1tzdlRgOqDxXq7jUr46Hjw1pBxO2I3UTKIOHQpj:BXTittEIjd/51Dl+dVXq7AHjw1/NIpV

Malware Config

Targets

    • Target

      7c6b964a64bc3b10c0742e91a532956a_JaffaCakes118

    • Size

      1.2MB

    • MD5

      7c6b964a64bc3b10c0742e91a532956a

    • SHA1

      2aec930840313fc212c67f5e273a8994750d1621

    • SHA256

      053c841416a4b01de15f3fed10e02b2255b565655bac90c704f3ab7eae386f59

    • SHA512

      e774d844d722b0239b202bc048b48ddb611bf288389999d09c4838fc84e84046a061c1d0b70e4c47d2744ba9ac7a172caef606087b235030354e72dd9602adc9

    • SSDEEP

      24576:BZxTi3uWFLEIjnCWtB6q1tzdlRgOqDxXq7jUr46Hjw1pBxO2I3UTKIOHQpj:BXTittEIjd/51Dl+dVXq7AHjw1/NIpV

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks