General

  • Target

    d6cda39f0c27fe2976a3435ca02b0a34_JaffaCakes118

  • Size

    2.1MB

  • Sample

    240909-v6z6ss1bmq

  • MD5

    d6cda39f0c27fe2976a3435ca02b0a34

  • SHA1

    cc90eb5c7507ecc4d010ae56b91fe15562e5b812

  • SHA256

    6fbe324be0a3456f9b1353b600eb84b770d0bb72910891cc8dcb2949b2b0d2b8

  • SHA512

    48b3ef4663e90fd2cd65052fc63b1cebc4bdb20d891cf3be7fc01c961052b233a071c925ef13d3e4e352e21dd01a98174489220f3eba1264e486e8264945e6d4

  • SSDEEP

    49152:OoTiWSeLWmD74CqUOiJkvSBRS5DS1I/2iWSUPW/J98ZmneEEdKF:yWSwF74CPR8S1KKScWnNe

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks