General

  • Target

    bde321670555bdf7fcea4194e1590651_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240824-e172fsshpa

  • MD5

    bde321670555bdf7fcea4194e1590651

  • SHA1

    cfc103974a05b76fa05a2ae1965dd80a0f0e741a

  • SHA256

    530a45b0df3902949c06a3732404a6c0090400eea20829068ae49139407eaf7d

  • SHA512

    b3e0703b9a6c7aea10a2b435cf733d5fcd4ce1ce1309e0cdb1a8afe2e7ddd7a11dcfa243582bdd5e3ba276a9c8ed1f32165ce07b06dffc0a98fb22ad0d1dd98b

  • SSDEEP

    24576:j64MVTrP4D6zRhomOaM11FFoydNQhVXsx35IQdDMla7CiW5q7SRb:j64MTrP4ezbOEsNIZsl57ZQu7

Targets

    • Target

      bde321670555bdf7fcea4194e1590651_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check before running the payload.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
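The four runtime behaviours above (file dropped under System32, dropped EXE executed, dropped DLL loaded, Run key added) are the ones a host telemetry pipeline can reproduce from Sysmon. The script below is an added example, not part of this report or of the sandbox's own detection code: it replays constructed Sysmon-style events (EventID 1 ProcessCreate, 7 ImageLoad, 11 FileCreate, 13 RegistryEvent) and attributes each behaviour to the sample's process tree. The dropped-file paths, the user SID and the event contents are hypothetical; only the sample's file name is taken from the report.

```python
"""Replay constructed Sysmon-style events and flag the behaviours the report lists."""
from collections import defaultdict

# File name from the report; the directory is a hypothetical sandbox drop location.
SAMPLE = r"C:\Users\victim\AppData\Local\Temp\bde321670555bdf7fcea4194e1590651_JaffaCakes118.exe"
DROPPED_EXE = r"C:\Windows\System32\dropped\svc.exe"     # hypothetical path
DROPPED_DLL = r"C:\Windows\System32\dropped\helper.dll"  # hypothetical path

# Constructed events (not from the sandbox run). Keys follow Sysmon's field names:
# EventID 1 = ProcessCreate, 7 = ImageLoad, 11 = FileCreate, 13 = RegistryEvent (value set).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": SAMPLE, "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED_EXE},
    {"EventID": 11, "Image": SAMPLE, "TargetFilename": DROPPED_DLL},
    {"EventID": 1, "Image": DROPPED_EXE, "ParentImage": SAMPLE},
    {"EventID": 7, "Image": DROPPED_EXE, "ImageLoaded": DROPPED_DLL},
    {"EventID": 13, "Image": DROPPED_EXE,
     "TargetObject": r"HKU\S-1-5-21-1000\Software\Microsoft\Windows\CurrentVersion\Run\svc",
     "Details": DROPPED_EXE},
    # Benign noise that must not fire: a system service writing under System32,
    # and an unrelated process start.
    {"EventID": 11, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\System32\LogFiles\WMI\trace.etl"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

SYSTEM32 = "c:\\windows\\system32\\"
RUN_KEY = "\\currentversion\\run\\"


def analyse(events, root_image):
    """Return {signature: [evidence, ...]} for behaviours attributable to root_image's process tree."""
    tracked = {root_image.lower()}  # images belonging to the sample's process tree
    dropped = set()                 # files written by tracked processes
    hits = defaultdict(list)
    for ev in events:
        image = ev["Image"].lower()
        eid = ev["EventID"]
        if eid == 11 and image in tracked:
            target = ev["TargetFilename"]
            dropped.add(target.lower())
            if target.lower().startswith(SYSTEM32):
                hits["Drops file in System32 directory"].append(target)
        elif eid == 1:
            # A child of a tracked process joins the tree; a dropped file starting is itself a signature.
            if ev["ParentImage"].lower() in tracked or image in dropped:
                tracked.add(image)
            if image in dropped:
                hits["Executes dropped EXE"].append(ev["Image"])
        elif eid == 7 and image in tracked and ev["ImageLoaded"].lower() in dropped:
            hits["Loads dropped DLL"].append(ev["ImageLoaded"])
        elif eid == 13 and image in tracked:
            key = ev["TargetObject"]
            if RUN_KEY in key.lower():
                hits["Adds Run key to start application"].append(f"{key} = {ev.get('Details', '')}")
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in analyse(SAMPLE_EVENTS, SAMPLE).items():
        print(sig)
        for item in evidence:
            print("   ", item)
```

Attribution to the process tree is what keeps the svchost.exe write under System32 from firing: the rule is "a file under System32 written by the sample or its children", not "any write under System32". The two registry-read signatures ("Checks computer location settings" and "Checks installed software on the system") cannot be reproduced this way, because Sysmon records key creates and value sets but not reads; those come from the sandbox's API tracing (RegOpenKey/RegQueryValue on the Uninstall and locale keys) and need a kernel or userland API monitor on a real host.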
