General

  • Target

    bd24ed6db51bc73b22919b1cd831d162_JaffaCakes118

  • Size

    621KB

  • Sample

    240823-zvs1kaycpl

  • MD5

    bd24ed6db51bc73b22919b1cd831d162

  • SHA1

    fe336eac6186836aac6f413f0affa99cb4a7be43

  • SHA256

    1a053bcbcaaeba79593612e77fa1b8546df42c4970cdb5e8ad8e8b7803cc3bc3

  • SHA512

    b537ca3177f237dafc0e3b83b263915e333f3f95ca8d7424e80f3e68d6fdc1fbbd6ce60a72469817c089e0b93cc388fb06dc6649c3de4dec670031fe3451a6a2

  • SSDEEP

    12288:z3TdtLW5WIj1YSSdFHsBSXyMzBUWb9lx/9AgHLo8OW+rBBR:zDsj1dEWBcJ9nPx/igrp+B

Malware Config

Targets

    • Target

      bd24ed6db51bc73b22919b1cd831d162_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Modifies WinLogon for persistence

      Changes values under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon (typically Userinit or Shell) so the dropped executable is launched at every interactive logon.

    • Disables RegEdit via registry modification

      Sets DisableRegistryTools under Software\Microsoft\Windows\CurrentVersion\Policies\System (HKCU or HKLM), blocking the user from inspecting or repairing the registry.

    • Disables Task Manager via registry modification

      Sets DisableTaskMgr under the same Policies\System key, so the user cannot see or end the keylogger process.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a value under Software\Microsoft\Windows\CurrentVersion\Run (HKCU or HKLM), a second autostart path alongside the Winlogon change.

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Drops file in System32 directory
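
The registry signatures above (Winlogon tampering, DisableRegistryTools, DisableTaskMgr, Run-key autostart) are the ones an analyst can confirm on a suspect host from a plain registry export. The script below is an added example, not part of the sandbox report or of the sample itself: it parses the text of a `.reg` export (as produced by `reg export`, which writes UTF-16; read it with `encoding="utf-16"`) and flags those indicators. The embedded export, including the `drop.exe` and `svc.exe` paths, is constructed for illustration and does not come from this sample.

```python
"""Flag Ardamax-style persistence and policy indicators in a .reg export.

Added example. SAMPLE_REG below is constructed; the file names in it are
hypothetical and are not taken from the analysed sample.
"""
import re

# Expected clean values (compared case-insensitively).
KNOWN_GOOD_USERINIT = r"c:\windows\system32\userinit.exe"
KNOWN_GOOD_SHELL = "explorer.exe"

# Constructed export: what `reg export` would show on an infected host.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="C:\\Users\\victim\\AppData\\Roaming\\svc\\svc.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,C:\\Windows\\system32\\drop.exe"
"Shell"="explorer.exe"
'''

_VALUE_RE = re.compile(r'^(?:"([^"]+)"|@)=(.*)$')


def parse_reg(text):
    """Return {key_path: {value_name: raw_value}} from .reg export text."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1) or "@"] = m.group(2)
    return keys


def decode_value(raw):
    """Decode REG_SZ ("..." with \\ escapes) and REG_DWORD (dword:hex) values."""
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return raw  # hex(...) binary and other types are left undecoded


def find_indicators(keys):
    """Return (signature, key_path, value_name, value) tuples worth review."""
    findings = []
    for path, values in keys.items():
        parts = path.lower().split("\\")
        if parts[-1] == "system" and "policies" in parts:
            for name, sig in (
                ("DisableRegistryTools", "Disables RegEdit via registry modification"),
                ("DisableTaskMgr", "Disables Task Manager via registry modification"),
            ):
                raw = values.get(name)
                if raw is not None and decode_value(raw) == 1:
                    findings.append((sig, path, name, 1))
        elif parts[-1] == "winlogon":
            raw = values.get("Userinit")
            # A clean Userinit is userinit.exe alone (trailing comma allowed);
            # anything appended after it is an extra logon-time executable.
            if raw is not None:
                userinit = decode_value(raw)
                if userinit.lower().rstrip(",") != KNOWN_GOOD_USERINIT:
                    findings.append(("Modifies WinLogon for persistence", path, "Userinit", userinit))
            raw = values.get("Shell")
            if raw is not None:
                shell = decode_value(raw)
                if shell.lower() != KNOWN_GOOD_SHELL:
                    findings.append(("Modifies WinLogon for persistence", path, "Shell", shell))
        elif parts[-1] in ("run", "runonce"):
            # Every autostart entry is listed; the analyst decides which are legitimate.
            for name, raw in values.items():
                findings.append(("Adds Run key to start application", path, name, decode_value(raw)))
    return findings


if __name__ == "__main__":
    for sig, path, name, value in find_indicators(parse_reg(SAMPLE_REG)):
        print(f"{sig}: [{path}] {name} = {value!r}")
```

On a live host, run `reg export HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon winlogon.reg` (and the same for the Run and Policies\System keys under both hives), then pass the decoded text to `find_indicators(parse_reg(...))`. Run-key hits are listed rather than judged, because legitimate software uses the same key; the Winlogon and policy hits are the ones that rarely have a benign explanation.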

MITRE ATT&CK Enterprise v15
