General

  • Target

    f35baf7a6ebb3ee605b63c2b627003b4_JaffaCakes118

  • Size

    2.5MB

  • Sample

    240924-lp3qxszckk

  • MD5

    f35baf7a6ebb3ee605b63c2b627003b4

  • SHA1

    349bae73205c6a0ba16f66d1ddfb918b7041a970

  • SHA256

    56e6a6ad2064b2faeb36102c91109543d33e34cdfdca977f2e0233dc8602afbf

  • SHA512

    ab0507031a1225a738e52d881fa614224aab847fcb60fa62e8b2c7dee903634d5aea67044fa912d2908a5eec9d5525aec765363ff525f012869185aa90e0eb61

  • SSDEEP

    49152:b1dlZoZvhh0Oh/gg8Oy3eTV9GSSaEN0ZqQox7YiI9+Dlbht/A062oYJWe:b1dl2ZQeb8z2fGShEN08x7YiI9AxhG0r

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks