General

  • Target

    832d00f24ff6da9a9aa0f7c196eef3c3_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240802-fy5c8axgqr

  • MD5

    832d00f24ff6da9a9aa0f7c196eef3c3

  • SHA1

    c44ab4b8568820054df02d415213ccb3cc408a20

  • SHA256

    c5c9b85990fc09029e68fdbd2f4dcdb22180565cc353532e772bff08e3a0408c

  • SHA512

    8d3f5682d3f62833a7b6bde36b5855cfeea6b0528cc92a3911f8a618a9432a6b55b43843063dddef38ac10e83d609e338757939c6e4b3c3811caa6066e92b60b

  • SSDEEP

    24576:0eTWDfG0S1fV0iMlUZzutvnS6eQad4txR9vZZsDSyFn3FaI+G:0eYk0tiutvSDkvpv/yF3Fj+
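
The hashes above are the report's identifiers for this sample. The following script, added here as an example and not part of the original report, computes all four digests of a file in a single pass and compares them with the report's values. It treats an MD5- or SHA1-only hit as weak evidence, since both functions are collision-prone and many intel feeds carry only one of them; only a SHA-256 and SHA-512 match is reported as confirmed. The ssdeep value is left out because comparing it needs the ssdeep library, which is not assumed here.

```python
"""Verify a file against the hashes published in this report (added example)."""
import hashlib
import sys
from typing import Dict, Iterable, Set

# Hashes exactly as printed in the General section of this report.
REPORT_IOCS: Dict[str, str] = {
    "md5": "832d00f24ff6da9a9aa0f7c196eef3c3",
    "sha1": "c44ab4b8568820054df02d415213ccb3cc408a20",
    "sha256": "c5c9b85990fc09029e68fdbd2f4dcdb22180565cc353532e772bff08e3a0408c",
    "sha512": "8d3f5682d3f62833a7b6bde36b5855cfeea6b0528cc92a3911f8a618a9432a6b55b43843063dddef38ac10e83d609e338757939c6e4b3c3811caa6066e92b60b",
}


def _digest_stream(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers, so a 1.3MB sample is read once."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory blob (handy for samples pulled from a sandbox API)."""
    return _digest_stream([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Digests of a file on disk, read in 1 MiB chunks so large samples stay cheap."""
    with open(path, "rb") as f:
        return _digest_stream(iter(lambda: f.read(chunk_size), b""))


def match_iocs(observed: Dict[str, str], iocs: Dict[str, str] = REPORT_IOCS) -> Set[str]:
    """Names of the hash algorithms whose observed value equals the report's value."""
    return {
        name for name, value in iocs.items()
        if observed.get(name, "").lower() == value.lower()
    }


def verdict(observed: Dict[str, str], iocs: Dict[str, str] = REPORT_IOCS) -> str:
    """Reduce the matched set to a triage decision."""
    hits = match_iocs(observed, iocs)
    if not hits:
        return "no match"
    if {"sha256", "sha512"} <= hits:
        return "confirmed"
    # An MD5- or SHA1-only hit is not proof of identity: both are collision-prone,
    # and a feed that only carries one of them may be matching a different file.
    return "weak match: " + ", ".join(sorted(hits)) + " only, compare SHA-256"


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-suspect-file>
    for arg in sys.argv[1:]:
        digests = hash_file(arg)
        print(arg, digests["sha256"], verdict(digests))
```

Point the script at any file you suspect is this sample; a "weak match" result means only the short hashes line up and the SHA-256 should be checked against the report before the file is treated as the same binary.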

Malware Config

Targets

    • Target

      832d00f24ff6da9a9aa0f7c196eef3c3_JaffaCakes118

    • Size

      1.3MB

    • MD5

      832d00f24ff6da9a9aa0f7c196eef3c3

    • SHA1

      c44ab4b8568820054df02d415213ccb3cc408a20

    • SHA256

      c5c9b85990fc09029e68fdbd2f4dcdb22180565cc353532e772bff08e3a0408c

    • SHA512

      8d3f5682d3f62833a7b6bde36b5855cfeea6b0528cc92a3911f8a618a9432a6b55b43843063dddef38ac10e83d609e338757939c6e4b3c3811caa6066e92b60b

    • SSDEEP

      24576:0eTWDfG0S1fV0iMlUZzutvnS6eQad4txR9vZZsDSyFn3FaI+G:0eYk0tiutvSDkvpv/yF3Fj+

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check that decides whether the keylogger runs on this host.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
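
Four of the signatures above (drops a file in System32, adds a Run key, executes a dropped EXE, loads a dropped DLL) can be recovered from endpoint telemetry by correlating file-create, registry-set, process-create and image-load events. The script below is an added example, not part of this report or of the sandbox's own detection logic; it runs over a constructed list of Sysmon-shaped events (event IDs 1, 7, 11 and 13, with the field names TargetFilename, TargetObject, Details and ImageLoaded) that do not come from this sample. The geofence lookup and the SetThreadContext call are deliberately not covered: Sysmon does not log registry reads, and thread-context manipulation is only visible through API monitoring in a sandbox or an EDR hook.

```python
"""Flag dropped-file, Run-key and dropped-DLL behaviour in Sysmon-shaped events (added example)."""
import re
from typing import Dict, List, Tuple

# Both patterns are case-insensitive because registry and NTFS paths are.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^C:\\Windows\\System32\\", re.IGNORECASE)

# Constructed events. Paths and names are placeholders, not artifacts of this sample.
SAMPLE_EVENTS: List[Dict] = [
    {"EventID": 1, "Image": r"C:\Users\user\Downloads\sample.exe"},
    {"EventID": 11, "Image": r"C:\Users\user\Downloads\sample.exe",
     "TargetFilename": r"C:\Windows\System32\dropdir\helper.exe"},
    {"EventID": 11, "Image": r"C:\Users\user\Downloads\sample.exe",
     "TargetFilename": r"C:\Windows\System32\dropdir\helper.dll"},
    {"EventID": 13, "Image": r"C:\Users\user\Downloads\sample.exe",
     "TargetObject": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\helper",
     "Details": r"C:\Windows\System32\dropdir\helper.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\dropdir\helper.exe",
     "ParentImage": r"C:\Users\user\Downloads\sample.exe"},
    {"EventID": 7, "Image": r"C:\Windows\System32\dropdir\helper.exe",
     "ImageLoaded": r"C:\Windows\System32\dropdir\helper.dll"},
    {"EventID": 7, "Image": r"C:\Windows\System32\dropdir\helper.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
]

Finding = Tuple[str, str, str]  # (signature, acting image, subject)


def flag_behaviours(events: List[Dict]) -> List[Finding]:
    """Walk events in time order; a file counts as dropped once an EID 11 names it."""
    findings: List[Finding] = []
    dropped: Dict[str, str] = {}  # lower-cased path -> image that wrote it
    for ev in events:
        eid = ev.get("EventID")
        image = ev.get("Image", "")
        if eid == 11:  # FileCreate
            target = ev.get("TargetFilename", "")
            dropped[target.lower()] = image
            if SYSTEM32_RE.match(target):
                findings.append(("drops_file_in_system32", image, target))
        elif eid == 13:  # RegistryEvent (value set)
            key = ev.get("TargetObject", "")
            if RUN_KEY_RE.search(key):
                findings.append(("adds_run_key", image, key + " = " + ev.get("Details", "")))
        elif eid == 1:  # ProcessCreate: was this executable written earlier in the trace?
            if image.lower() in dropped:
                findings.append(("executes_dropped_exe", dropped[image.lower()], image))
        elif eid == 7:  # ImageLoad: was this module written earlier in the trace?
            lib = ev.get("ImageLoaded", "")
            if lib.lower() in dropped:
                findings.append(("loads_dropped_dll", image, lib))
    return findings


if __name__ == "__main__":
    for signature, actor, subject in flag_behaviours(SAMPLE_EVENTS):
        print(f"{signature:24} {actor} -> {subject}")
```

The correlation is order-dependent on purpose: an executable that starts before any event wrote it to disk is not a "dropped" EXE in this trace, which keeps ordinary system binaries out of the results while still catching a loader that writes a payload under System32 and then launches it.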

MITRE ATT&CK Enterprise v15

Tasks