General

  • Target

    7da551fd7d9e51b06f23e7101a9780cd_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240731-x7vntazbjq

  • MD5

    7da551fd7d9e51b06f23e7101a9780cd

  • SHA1

    9092015ecf7c114b70c58762195a9ddb9b4aff1f

  • SHA256

    7b74c25d8e2c66a198cdb0cfa56be815617d49578d25e57ad2e79fc5a5d2ed07

  • SHA512

    2861b3d6f69757bfa0d6d611f8918f3b3549ba607d07925f878b85a4b675f934bd8c54993caa5c42f28424dfdb5c8d1a245aac158202b5977978b15479fb5045

  • SSDEEP

    49152:9XTYPcN4veiIAEhgrFDBWLLRAnnMcooBx416rYQZ3fEXQRMDp795i5skfP5IYCc:jNOeWygPqRqxQxBXQml0PPt

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks