General

  • Target

    d2a037d4ada7c779c2dabc33d4c08dcb_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240907-xme3ma1hmf

  • MD5

    d2a037d4ada7c779c2dabc33d4c08dcb

  • SHA1

    fd92cd6c9a848c2fd86534f4b5e75bde38bf5a5f

  • SHA256

    fb74086c0c47afc910240f61a4dffc3046fc7903839be2bedfc0f11521836510

  • SHA512

    53da042682a290caca72c316f32834ca90e65189b99d2ba782f6110439b1e9599bc8e4d21116c5ea0711d0f7b747aaa12799016548f90a3ca88c3af5e9f035e3

  • SSDEEP

    24576:tZxTW/T3pahAtbpmjZ3O2chHBeDKcXDFQTs4+tPfJqhs:tXTMtuAtbcdQBcdXis4+Tqh

Targets

    • Target

      d2a037d4ada7c779c2dabc33d4c08dcb_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

Reads the country code configured in the registry; malware commonly does this to geofence, i.e. to refuse to run in (or only run in) certain countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

Enumerates entries under the registry Uninstall key to list the software installed on the system.

    • Drops file in System32 directory

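The behaviours listed above are the kind of thing a sandbox derives from an API trace rather than from static analysis. The following is an added example, not part of the report or of Tria.ge's own rule set: a small Python triage routine that correlates file-create, process-create, image-load and registry events to reproduce those six signatures. The event records are constructed for illustration (the field names, the dropped-file names under System32 and the Run value name are assumptions, not observed artefacts of this sample); the registry paths matched are the standard Windows locations for the configured country code and the Uninstall entries. Note that "Executes dropped EXE" and "Loads dropped DLL" are only raised for files the sample's own process tree wrote first, which is what separates them from ordinary loads of system DLLs.

```python
"""Reproduce the report's behaviour signatures from a process-attributed event trace.

Added example; the events below are constructed, not captured from the sample.
"""
import re

SAMPLE = r"C:\Users\user\Desktop\d2a037d4ada7c779c2dabc33d4c08dcb_JaffaCakes118.exe"

# Constructed trace. Dropped-file names, the Run value name and the ordering are
# illustrative assumptions; a real sandbox log would be much longer.
EVENTS = [
    {"type": "file_create", "proc": SAMPLE, "path": r"C:\Windows\System32\dropped.exe"},
    {"type": "file_create", "proc": SAMPLE, "path": r"C:\Windows\System32\dropped.dll"},
    {"type": "proc_create", "proc": SAMPLE, "path": r"C:\Windows\System32\dropped.exe"},
    {"type": "image_load", "proc": r"C:\Windows\System32\dropped.exe",
     "path": r"C:\Windows\System32\dropped.dll"},
    {"type": "reg_set", "proc": r"C:\Windows\System32\dropped.exe",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"type": "reg_read", "proc": SAMPLE,
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "reg_read", "proc": SAMPLE,
     "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp"},
    # Benign noise from an unrelated process: must not trigger "Loads dropped DLL".
    {"type": "image_load", "proc": r"C:\Windows\explorer.exe",
     "path": r"C:\Windows\System32\kernel32.dll"},
]

# Signature names exactly as the report lists them.
SIG_DROP_SYS32 = "Drops file in System32 directory"
SIG_EXEC_DROPPED = "Executes dropped EXE"
SIG_LOAD_DROPPED = "Loads dropped DLL"
SIG_RUN_KEY = "Adds Run key to start application"
SIG_GEO = "Checks computer location settings"
SIG_UNINSTALL = "Checks installed software on the system"

RUN_KEY = re.compile(r"^HK(LM|CU)\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY = re.compile(
    r"^HKLM\\SOFTWARE\\(Wow6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
GEO_KEY = re.compile(r"^HKCU\\Control Panel\\International\\Geo\\", re.I)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)


def norm(path):
    """Windows paths are case-insensitive; compare them in one case."""
    return path.lower()


def triage(events, sample):
    """Return the set of report signatures the trace supports.

    Only events from the sample or from processes it (transitively) spawned are
    considered; 'dropped' means written by one of those processes earlier in the trace.
    """
    hits = set()
    tracked = {norm(sample)}   # process images attributed to the sample
    dropped = set()            # files written by a tracked process
    for e in events:
        if norm(e["proc"]) not in tracked:
            continue
        path = e["path"]
        if e["type"] == "file_create":
            dropped.add(norm(path))
            if SYSTEM32.match(path):
                hits.add(SIG_DROP_SYS32)
        elif e["type"] == "proc_create":
            tracked.add(norm(path))
            if norm(path) in dropped:
                hits.add(SIG_EXEC_DROPPED)
        elif e["type"] == "image_load" and norm(path) in dropped:
            hits.add(SIG_LOAD_DROPPED)
        elif e["type"] == "reg_set" and RUN_KEY.match(path):
            hits.add(SIG_RUN_KEY)
        elif e["type"] == "reg_read":
            if GEO_KEY.match(path):
                hits.add(SIG_GEO)
            elif UNINSTALL_KEY.match(path):
                hits.add(SIG_UNINSTALL)
    return hits


if __name__ == "__main__":
    for sig in sorted(triage(EVENTS, SAMPLE)):
        print(sig)
```

Registry reads are not something Sysmon records, so a rule like the Geo\Nation check only works on an API-hooking trace such as a sandbox produces; on endpoint telemetry you would have to fall back on the Run key write and the System32 file drop, both of which Sysmon does log.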
MITRE ATT&CK Enterprise v15