General

  • Target

    81b929ce0a8db49538d5d405e07acdd8_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240801-yan1fazbka

  • MD5

    81b929ce0a8db49538d5d405e07acdd8

  • SHA1

    e485229c34b1bb3ff2a688c916e575b848179b9a

  • SHA256

    d2543b8808c6554d3a1cfe7d3e0f3652bec283cd73040c808a7cecf04fb3e9c4

  • SHA512

    3da5339aa12b2780f535fe496be53cb0a147eda4bfc54031d8057b5e1713c913c5fe807a83d1220a337bd02da5a2cdb26c7bf1ee7ae5e564c51357f3fe74b213

  • SSDEEP

    24576:1ZxTqn2ZJkM45kXuVy8kDOoPjyGf/952uM++TXyQnxq07+ALPmoiMySeneB:1XTqn2Z3skXuMDOG908+bfnxdX5S

Malware Config

Targets

    • Target

      81b929ce0a8db49538d5d405e07acdd8_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check before the keylogger runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates entries under the registry Uninstall key to list the software installed on the system.

    • Drops file in System32 directory
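The behaviours above are what a sandbox derives from an API trace; on a production host most of them can be rebuilt from Sysmon telemetry, except the two registry reads, which Sysmon does not record (it logs key creation, value writes and renames, not reads). The script below is an added example, not part of the sandbox report or of any detection it ships: it correlates a constructed event stream into the same behaviour names the report uses. The Sysmon event-ID mapping and the Run, Uninstall and Geo registry paths are real; the event records, file names and the RegistryRead event kind (standing in for an API-level trace) are constructed assumptions.

```python
"""Correlate constructed endpoint events into the behaviours listed in the sandbox report."""
import re
from dataclasses import dataclass, field

# Sysmon event IDs and the names used below (real mapping).  RegistryRead is NOT
# a Sysmon event; it is an assumed record type from an API-level sandbox trace.
SYSMON_EVENTS = {1: "ProcessCreate", 7: "ImageLoad", 11: "FileCreate", 13: "RegistryValueSet"}

RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo(\\|$)", re.I)
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\Windows\\(System32|SysWOW64)\\", re.I)


@dataclass
class Event:
    kind: str    # one of SYSMON_EVENTS.values() or "RegistryRead"
    image: str   # process performing the action
    target: str  # Image / ImageLoaded / TargetFilename / TargetObject, depending on kind


@dataclass
class Correlator:
    """Stateful matcher: remembers files the sample wrote so later executions/loads can be tied to them."""
    dropped: set = field(default_factory=set)
    hits: list = field(default_factory=list)

    def feed(self, ev: Event) -> None:
        key = ev.target.lower()
        if ev.kind == "FileCreate":
            self.dropped.add(key)
            if SYSTEM32_RE.match(ev.target):
                self._hit("Drops file in System32 directory", ev)
        elif ev.kind == "ProcessCreate" and key in self.dropped:
            self._hit("Executes dropped EXE", ev)
        elif ev.kind == "ImageLoad" and key in self.dropped:
            self._hit("Loads dropped DLL", ev)
        elif ev.kind == "RegistryValueSet" and RUN_KEY_RE.search(ev.target):
            self._hit("Adds Run key to start application", ev)
        elif ev.kind == "RegistryRead":
            # Only visible in an API trace; Sysmon cannot produce these two.
            if GEO_KEY_RE.search(ev.target):
                self._hit("Checks computer location settings", ev)
            elif UNINSTALL_KEY_RE.search(ev.target):
                self._hit("Checks installed software on the system", ev)

    def _hit(self, name: str, ev: Event) -> None:
        self.hits.append((name, ev.image, ev.target))


# Constructed event stream (assumed paths; not taken from the report).
SAMPLE = r"C:\Users\victim\AppData\Local\Temp\sample.exe"
DROPPED_EXE = r"C:\Windows\System32\dropped.exe"
DROPPED_DLL = r"C:\Users\victim\AppData\Local\Temp\dropped.dll"
EVENTS = [
    Event("FileCreate", SAMPLE, DROPPED_EXE),
    Event("FileCreate", SAMPLE, DROPPED_DLL),
    Event("ProcessCreate", SAMPLE, DROPPED_EXE),
    Event("ImageLoad", DROPPED_EXE, DROPPED_DLL),
    Event("RegistryValueSet", DROPPED_EXE, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dropped"),
    Event("RegistryRead", DROPPED_EXE, r"HKCU\Control Panel\International\Geo\Nation"),
    Event("RegistryRead", DROPPED_EXE, r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp"),
    Event("ProcessCreate", DROPPED_EXE, r"C:\Windows\System32\cmd.exe"),  # not dropped: no hit
]


def run_sample(events=EVENTS) -> list:
    """Return the behaviour names triggered, in the order they fired."""
    c = Correlator()
    for ev in events:
        c.feed(ev)
    return [name for name, _, _ in c.hits]


if __name__ == "__main__":
    for name in run_sample():
        print(name)
```

The dropped-file set keyed on the lower-cased path is what turns two otherwise benign events (a process start, a DLL load) into "Executes dropped EXE" and "Loads dropped DLL"; without that state the cmd.exe launch and the DLL load are indistinguishable from normal activity.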

MITRE ATT&CK Enterprise v15

Tasks