General

  • Target

    b8524b2b1bc8241c408600cefdcde821_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240822-tt7jnswgka

  • MD5

    b8524b2b1bc8241c408600cefdcde821

  • SHA1

    72fb7b330842c12d91f4636f25e6c4d43574c9a7

  • SHA256

    a9507d8377fde1343f92c5ba7f7c0721c5d1c4af5f317c64f10fb2a349c7431d

  • SHA512

    b20e6f41755d0675a0e6ca9c92d567bea748054a599eb44e87cc06909133d975b9a9cd87e8a8884d509a86c2417982a76e8f74b2015364b3105dd766ea0fe82b

  • SSDEEP

    24576:k65IkNmFqY8xl0qsBT/y1c6syYh/8VGQaztdeK/MW9h9ZFpbM+sEc+CUG6:H5hNSqzXQtB6s9d8cThdeE9h9zpfzX

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before the payload runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

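The three registry-based signatures above (location lookup, Uninstall-key enumeration, Run-key persistence) can be reproduced offline from an API trace. The script below is an added example, not the sandbox's own rule logic: the one-line-per-call trace format, the constructed sample trace, the specific registry paths (the `Geo\Nation` value, the `Uninstall` and `Run` keys) and the API names the rules key on are all assumptions of this example.

```python
"""Added example: re-derive three of the report's registry signatures from a
registry-API trace.  The trace format, sample lines and rule definitions are
assumptions of this example, not the sandbox's own rules."""
import re
from collections import defaultdict

# Constructed sample trace in an assumed "<pid> <api> <registry path>" format.
SAMPLE_TRACE = "\n".join([
    r"4128 RegOpenKeyExW HKCU\Control Panel\International\Geo",
    r"4128 RegQueryValueExW HKCU\Control Panel\International\Geo\Nation",
    r"4128 RegOpenKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"4128 RegEnumKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip",
    r"4128 RegEnumKeyExW HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++",
    r"4128 RegSetValueExW HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AKL",
    r"4128 RegQueryValueExW HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData",
])

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>Reg\w+)\s+(?P<path>.+)$")

# (signature name, APIs that count as evidence, path pattern).  Assumed rules
# that mirror the wording of the report's signatures.
RULES = [
    ("Checks computer location settings",
     {"RegQueryValueExW", "RegQueryValueExA"},
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system",
     {"RegEnumKeyExW", "RegEnumKeyExA", "RegOpenKeyExW", "RegOpenKeyExA"},
     # Only individual entries under Uninstall count, not opening the key itself.
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\[^\\]+$", re.I)),
    ("Adds Run key to start application",
     {"RegSetValueExW", "RegSetValueExA"},
     re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\[^\\]+$", re.I)),
]


def parse_trace(text):
    """Parse trace lines into (pid, api, path) tuples; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((int(m["pid"]), m["api"], m["path"]))
    return events


def match_signatures(events):
    """Return {signature name: [(pid, api, path), ...]} for every rule that fires."""
    hits = defaultdict(list)
    for pid, api, path in events:
        for name, apis, path_re in RULES:
            if api in apis and path_re.search(path):
                hits[name].append((pid, api, path))
    return dict(hits)


if __name__ == "__main__":
    for name, evidence in match_signatures(parse_trace(SAMPLE_TRACE)).items():
        print(name)
        for pid, api, path in evidence:
            print(f"  pid {pid}: {api} {path}")
```

Each rule requires both a matching API and a matching path, so merely opening the `Uninstall` key or reading an unrelated `Geo` subkey does not fire; the Run-key rule only fires on a value write, which is what distinguishes persistence from a benign read of the same key.
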
MITRE ATT&CK Enterprise v15

Tasks
