General

  • Target

    be94802dec7176dedf6b914e92813873_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240824-pkep3szckc

  • MD5

    be94802dec7176dedf6b914e92813873

  • SHA1

    97f8a32314ff23e2acc0f6e048f92515cb1ba8b9

  • SHA256

    830eca29d89af67efdc3f38a732e37f13d9f89cdbdc7ec93dcf2220764ca1b17

  • SHA512

    6f3d2ebdb7f7574d35fcb367aa11fd0e0fbc92e4594b5b6a6be93088afaca5d9bc31a8e7d80db7569150fbe97813055d4beda67fb70fa32fe136207db358f498

  • SSDEEP

    24576:FZxTtPqeTsq9JaNbbLA0b4sGfmn+T2UYlfKcfNUqlQhEopCdzoH1Kwaxd7pQ:FXTxqi2Q0bkAUYlqpC2AlxRp


Targets

    • Target

      be94802dec7176dedf6b914e92813873_JaffaCakes118

    • Size

      1.3MB

    • MD5

      be94802dec7176dedf6b914e92813873

    • SHA1

      97f8a32314ff23e2acc0f6e048f92515cb1ba8b9

    • SHA256

      830eca29d89af67efdc3f38a732e37f13d9f89cdbdc7ec93dcf2220764ca1b17

    • SHA512

      6f3d2ebdb7f7574d35fcb367aa11fd0e0fbc92e4594b5b6a6be93088afaca5d9bc31a8e7d80db7569150fbe97813055d4beda67fb70fa32fe136207db358f498

    • SSDEEP

      24576:FZxTtPqeTsq9JaNbbLA0b4sGfmn+T2UYlfKcfNUqlQhEopCdzoH1Kwaxd7pQ:FXTxqi2Q0bkAUYlqpC2AlxRp

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
