General

  • Target

    7e9c4906fec6cc33dbc0b426a4da3d06_JaffaCakes118

  • Size

    480KB

  • Sample

    240801-bcj3yasgnk

  • MD5

    7e9c4906fec6cc33dbc0b426a4da3d06

  • SHA1

    a670e9a01bf4a7b267ac38366dab4fdc42039682

  • SHA256

    125c81c42472fa5cf4c67ea38f6bd9c8b5543fd0f07785bc971bf9d3fdf2b3b2

  • SHA512

    fdb3f2f255a938fa6ac136c9f07aa0ea1ec0d537685d94a2e515c83a21e919e565b977eaf30a39515e6115ed9b831f6b9197258ee43de714dba612b939756a20

  • SSDEEP

    12288:ya5NNRPdbl8F/0145Anxjk7/sY49z6Bg:ya5PZ8R01NlY

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks