General

  • Target

    c564a8b7cd6f0983ceb447939ef22a49_JaffaCakes118

  • Size

    847KB

  • Sample

    240827-v1626asanc

  • MD5

    c564a8b7cd6f0983ceb447939ef22a49

  • SHA1

    811f6e3422104e98de52000eae21ddab6f76f3cf

  • SHA256

    ffb3fb6b0bc0d25ac0636546e8b9d012e4095787974efcfcae369795e41c748e

  • SHA512

    660a0d1eb084ff203e31acf188a564ffc5fb5cb0e041ab41f66021f1e7f7d1efb5a048ce2420101d8862a56d2c575c5cd3ebdb5cff64a7c04697cf54b3bb84f8

  • SSDEEP

    24576:zHFnUboWB3QNPnAW+ZsmwA3OFU9iI1cPpp:JnB9pozjs

Malware Config

Targets

    • Target

      c564a8b7cd6f0983ceb447939ef22a49_JaffaCakes118

    • Size

      847KB

    • MD5

      c564a8b7cd6f0983ceb447939ef22a49

    • SHA1

      811f6e3422104e98de52000eae21ddab6f76f3cf

    • SHA256

      ffb3fb6b0bc0d25ac0636546e8b9d012e4095787974efcfcae369795e41c748e

    • SHA512

      660a0d1eb084ff203e31acf188a564ffc5fb5cb0e041ab41f66021f1e7f7d1efb5a048ce2420101d8862a56d2c575c5cd3ebdb5cff64a7c04697cf54b3bb84f8

    • SSDEEP

      24576:zHFnUboWB3QNPnAW+ZsmwA3OFU9iI1cPpp:JnB9pozjs

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.