General

  • Target

    fda6b1ad394e1381a0b9154952f9f9a9_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240929-dac8qaxblq

  • MD5

    fda6b1ad394e1381a0b9154952f9f9a9

  • SHA1

    391b8ad7c20034b1c5bbbdafe7f81a4660193f9a

  • SHA256

    cf1698e1bb1f5461bc2b4aeac494b2d5f09cbca954191ef4e9c98397a4c08934

  • SHA512

    0ae7d7025f5a01515e1ec0d83e36fe59849aee53184a1d2b90b3a9f5e505342b5dbfe2205537768f513b783b5c4646c5cc2d0ab105c4fff2ea1c56ea9ef6ab78

  • SSDEEP

    49152:doT9G40r3WmDXgLISbjnuEhLQr+3AQbp8n:+G4Lv/PNQr+3AQbp8n

Malware Config

Targets

    • Target

      fda6b1ad394e1381a0b9154952f9f9a9_JaffaCakes118

    • Size

      1.8MB

    • MD5

      fda6b1ad394e1381a0b9154952f9f9a9

    • SHA1

      391b8ad7c20034b1c5bbbdafe7f81a4660193f9a

    • SHA256

      cf1698e1bb1f5461bc2b4aeac494b2d5f09cbca954191ef4e9c98397a4c08934

    • SHA512

      0ae7d7025f5a01515e1ec0d83e36fe59849aee53184a1d2b90b3a9f5e505342b5dbfe2205537768f513b783b5c4646c5cc2d0ab105c4fff2ea1c56ea9ef6ab78

    • SSDEEP

      49152:doT9G40r3WmDXgLISbjnuEhLQr+3AQbp8n:+G4Lv/PNQr+3AQbp8n

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks