General

  • Target

    d6ef4db21304e0b564bda8d86520d9fe_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240909-xw9ctsxbja

  • MD5

    d6ef4db21304e0b564bda8d86520d9fe

  • SHA1

    3eee507a3763d9c6b630118ec8a2fbc44fe70999

  • SHA256

    784a214746c7e36ef35550f2a70b9909364656d2e42f74a4629018e9dbc8005f

  • SHA512

    d77a92a2d8ea6d9c2994ff3f8dfa5d04a75d9da62debd5b52ffc5edaa5827113afd9afd99867891a567727e8771deea98b2ca4f33329e8fcbc779be6563682ca

  • SSDEEP

    24576:zZxTeWkPIKFO1qfkh9MnkuS29P/mvKV+lz+3rS+WiLIhEpJUaOZ9x:zXTeWxKFJ69LXo+6+lzCrtWic+g

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check that decides whether to run based on the victim's locale.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
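
The behaviours listed above are the report's signature names; how a sandbox maps raw events onto them is not shown on the page. The following is an added example, not the sandbox's own signature code, that classifies a trace of Procmon-style events against those six behaviours. The event tuples, process names and dropped file names are constructed for the example; the registry paths they reference (the Run key, the Uninstall key, and the Geo/locale values under Control Panel\International) are documented Windows locations. The simplified (op, image, path) event format is an assumption of this example.

```python
"""Added example, not the sandbox's own signature code: map a trace of
Procmon-style events onto the behaviours listed in the report above."""
import re
from collections import defaultdict

# Documented Windows locations behind each listed behaviour. Matching is
# case-insensitive because the registry and NTFS paths both are.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
# GeoID (Geo\Nation) and locale/country values under Control Panel\International
# are what a geofence check reads to decide whether to run on this machine.
GEO_RE = re.compile(r"\\Control Panel\\International\\(Geo\\|[is]Country|Locale)", re.I)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)

# Assumed simplified event format (op, image, path), loosely modelled on
# Procmon operation names. Every event below is constructed for this example.
SAMPLE_EVENTS = [
    ("RegQueryValue", "sample.exe",     r"HKCU\Control Panel\International\Geo\Nation"),
    ("RegEnumKey",    "sample.exe",     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("RegQueryValue", "sample.exe",     r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ExampleApp\DisplayName"),
    ("WriteFile",     "sample.exe",     r"C:\Windows\System32\svc_helper.exe"),
    ("WriteFile",     "sample.exe",     r"C:\Windows\System32\hook_helper.dll"),
    ("RegSetValue",   "sample.exe",     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc_helper"),
    ("ProcessCreate", "sample.exe",     r"C:\Windows\System32\svc_helper.exe"),
    ("LoadImage",     "svc_helper.exe", r"C:\Windows\System32\hook_helper.dll"),
    # Noise that must not fire: a system DLL the sample never wrote, and an
    # unrelated registry read.
    ("LoadImage",     "svc_helper.exe", r"C:\Windows\System32\kernel32.dll"),
    ("RegQueryValue", "sample.exe",     r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"),
]


def classify_events(events):
    """Return {behaviour name: [paths that triggered it]} for an event trace.

    "Dropped" means written earlier in the same trace, so a later
    ProcessCreate or LoadImage on that path is a dropped EXE/DLL being used.
    """
    dropped = set()
    hits = defaultdict(list)
    for op, _image, path in events:
        key = path.lower()
        if op == "WriteFile":
            dropped.add(key)
            if SYSTEM32_RE.search(path):
                hits["Drops file in System32 directory"].append(path)
        elif op == "ProcessCreate" and key in dropped:
            hits["Executes dropped EXE"].append(path)
        elif op == "LoadImage" and key in dropped and key.endswith(".dll"):
            hits["Loads dropped DLL"].append(path)
        elif op == "RegSetValue" and RUN_KEY_RE.search(path):
            hits["Adds Run key to start application"].append(path)
        elif op in ("RegEnumKey", "RegQueryValue") and UNINSTALL_RE.search(path):
            hits["Checks installed software on the system"].append(path)
        elif op == "RegQueryValue" and GEO_RE.search(path):
            hits["Checks computer location settings"].append(path)
    return dict(hits)


def behaviours(events):
    """Sorted behaviour names, the form a report summary would list."""
    return sorted(classify_events(events))


if __name__ == "__main__":
    for name, paths in classify_events(SAMPLE_EVENTS).items():
        print(f"{name}:")
        for p in paths:
            print(f"    {p}")
```

The two "dropped" behaviours depend on ordering: a file only counts as dropped once the trace has shown the sample writing it, which is why a load of kernel32.dll from System32 does not fire even though it sits in the same directory as the dropped helper.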

MITRE ATT&CK Enterprise v15

Tasks