General

  • Target

    8229c29480e7636c5145f9ba93cd4812_JaffaCakes118

  • Size

    954KB

  • Sample

    240801-3hvv6ssdpp

  • MD5

    8229c29480e7636c5145f9ba93cd4812

  • SHA1

    22d08a6ec495d89aebf92d0030f3657dc791e0e8

  • SHA256

    06db2b25066869add73de994baad807c8529dbf863fc82a296b8313af4c33c2e

  • SHA512

    abfcbb432ea29d3c5e8ddcf60bf89eb602cc1593e0f5afc5b23991d997f77bef5d0812ed61a8f4b97c57ed5202c3cf604b5044ea78aa7767ecfb77ea4f0613d3

  • SSDEEP

    24576:t687jOngmmkeLUYWziHN42Xo2d3JgfOrORkNWv:lqgmhzLziHq0o2d3JrrO1v

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
