General

  • Target

    7f6bfab0ef786c8ff63d275eef78fa66_JaffaCakes118

  • Size

    480KB

  • Sample

    240801-grxv8swajr

  • MD5

    7f6bfab0ef786c8ff63d275eef78fa66

  • SHA1

    e7c63868ce562c6d820f476dafab7da044a622f1

  • SHA256

    f21179e19b0de287a0ba635a2b18854ab2b56d57a661d51b80f45b5fa3f0f238

  • SHA512

    b0d76e237673020df19e5644a19fc8a452b28a529be6a671ab6311a8ab7e577ede883d636c1c2cdcb64b878d4473fda53958bcd1136f7030fdd8968f30a4967c

  • SSDEEP

    12288:M9vsiByAQWn06TxiFP6+7FaMpNkrOS0I8UlUMG:XEN+5W9lS

Malware Config

Targets

    • Target

      7f6bfab0ef786c8ff63d275eef78fa66_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks