ardamax | c9b547cfc1e454c953ddc525ae4797cffb28370f56a5d8f86ce100e46fadff71

Sharing

Copy URL Twitter E-mail

General

Target

16ebd7bd53c0d42c54f08004132d58df_JaffaCakes118
Size

404KB
Sample

241005-kabs8avfll
MD5

16ebd7bd53c0d42c54f08004132d58df
SHA1

8dbaa8a801434bea4cef6a5c5c7189056218fef8
SHA256

c9b547cfc1e454c953ddc525ae4797cffb28370f56a5d8f86ce100e46fadff71
SHA512

59b1f546827507fd01d1bd723afb9f204bd2d0094236c832428f6a37db2d2ed7c07431d7ab8ed98d77a92e3efcea17a88b2caf4bb2dc1f5455910922e5c3eee9
SSDEEP

12288:XDKLYe6zUbRrda8Kb9zoNVSbVhyzCe1PXcK:TKLuGJa8Kb9q+XI51PMK

Score

10^/10

Malware Config

Targets

- Target
  
  16ebd7bd53c0d42c54f08004132d58df_JaffaCakes118
- Size
  
  404KB
- MD5
  
  16ebd7bd53c0d42c54f08004132d58df
- SHA1
  
  8dbaa8a801434bea4cef6a5c5c7189056218fef8
- SHA256
  
  c9b547cfc1e454c953ddc525ae4797cffb28370f56a5d8f86ce100e46fadff71
- SHA512
  
  59b1f546827507fd01d1bd723afb9f204bd2d0094236c832428f6a37db2d2ed7c07431d7ab8ed98d77a92e3efcea17a88b2caf4bb2dc1f5455910922e5c3eee9
- SSDEEP
  
  12288:XDKLYe6zUbRrda8Kb9zoNVSbVhyzCe1PXcK:TKLuGJa8Kb9q+XI51PMK
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  14KB
- MD5
  
  296a5f3179fa8d7a7a855eaf696ede44
- SHA1
  
  57aa5b71553ed282dd22c768e039a187f5c13f63
- SHA256
  
  ee0ad77e681c4d0fdf1d67df5f4ca03e6bdd8e3b05dfb47a83ad5c733ed62960
- SHA512
  
  bc527d1485f468e8d098057e0e38e8cb7aa6eb64d4ca30927b99b1552a3177b132b989015ff95bdf2ca046bf11a54b4b456f51e024fbc734fbb548c3499e53f6
- SSDEEP
  
  192:r6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTyK72dwF7dBdcQOz:r6JaVh4I5rpPbTy+BdhO
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  AKV.exe
- Size
  
  395KB
- MD5
  
  b8fa30233794772b8b76b4b1d91c7321
- SHA1
  
  0cf9561be2528944285e536f41d502be24c3aa87
- SHA256
  
  14116fa79ccc105fabd312b4dff74933f8684c6b27db37e5e3a79d159092d29a
- SHA512
  
  10ce8b18e7afb8c7e30bb90b0a1f199ef0b77873fa7a9efc596606e151be6b516c0ec6222a9032bdcc527e80964f53d20a28fa1881a08b4df303b2e28204549d
- SSDEEP
  
  6144:qXXNW/g8zSQbXumJZwsP2IUPNF/GVx8MFC:+XbySQjuG/P2bd
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  HTV.003
- Size
  
  4KB
- MD5
  
  c3679c3ff636d1a6b8c65323540da371
- SHA1
  
  d184758721a426467b687bec2a4acc80fe44c6f8
- SHA256
  
  d4eba51c616b439a8819218bddf9a6fa257d55c9f04cf81441cc99cc945ad3eb
- SHA512
  
  494a0a32eef4392ecb54df6e1da7d93183473c4e45f4ac4bd6ec3b0ed8c85c58303a0d36edec41420d05ff624195f08791b6b7e018419a3251b7e71ec9b730e7
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  HTV.004
- Size
  
  14KB
- MD5
  
  bda4860df26a5882b42b6b861376199d
- SHA1
  
  8437ec07c9bc3001756ae0cb214b99e1e8a53fdb
- SHA256
  
  9ed69f6ee86a7fca1f3ef7801d08b38d9e82ab649e6169e894e48ce85b43dc30
- SHA512
  
  484f45aaacdb4be03752df49c337c7596d539ee0442412083fcfeea78e1c485caf1fbb25cf8a749611358e3a895232f8d0c61c91545d98a3f2a3e1aa504859c6
- SSDEEP
  
  384:qq/qih/MPPlOXAd4hIcWpXTxzE+w0TN99EuK:qq/qih/jG45O5FTNLER
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral10 behavioral9
- Target
  
  HTV.006
- Size
  
  8KB
- MD5
  
  43f02e9974b1477c1e6388882f233db0
- SHA1
  
  f3e27b231193f8d5b2e1b09d05ae3a62795cf339
- SHA256
  
  3c9e56e51d5a7a1b9aefe853c12a98bf246039aa46db94227ea128f6331782ba
- SHA512
  
  e22d14735606fe75ee5e55204807c3f5531d3e0c4f63aa4a3b2d4bb6abda6128c7e2816753f2e64400ac6dae8f8ef1e013a7a464dff2a79ad9937c48821a067f
- SSDEEP
  
  96:6ynh3GtCJk7eZjXOoP/YYfR+cwXofW1oEIYoWkQrWyHe1e2mIXT6pDw9:H3Ggk0+oP/YY50tI1WkQRoeyD6pU9
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  HTV.007
- Size
  
  5KB
- MD5
  
  b5a87d630436f958c6e1d82d15f98f96
- SHA1
  
  d3ff5e92198d4df0f98a918071aca53550bf1cff
- SHA256
  
  a895ad4d23e8b2c2dc552092f645ca309e62c36d4721ebfe7afd2eee7765d4b2
- SHA512
  
  fd7bae85a86bdaa12fec826d1d38728a90e2037cb3182ad7652d8a9f54c4b322734c587b62221e6f907fce24fcf2e0ae4cce1f5e3d8861661064b4da24bd87ce
- SSDEEP
  
  48:6gklbZREoW0EE/KD4tJaKz5/aSbRsEJZAECi1cBaVM+kHbDouE:6gSoDidaeJGECiRQHbDoz
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  HTV.chm
- Size
  
  28KB
- MD5
  
  42e0e0437bdb3235e03bd9de37c5f176
- SHA1
  
  1a14d34dff26bd721e2f35351b388ceba4473075
- SHA256
  
  87778672f624ddb422f7516536a566f768c5c4fcd4562ad3bad3fb785f940a6a
- SHA512
  
  2667d8765fcb12a40bb5318dfd86fab5f7c08a5ffe0e41599ea0cfa6f3d6b8932c734472d9bdef447b23ccf397ac7619784c3af566bd721e198f856a3067117f
- SSDEEP
  
  768:4pfTcCfTSjb0O+TJPHjnKFZi4LHnX1OsFmncv6I:4pfTcCfTcg1eXJjmncv6I
Score

1^/10
behavioral15 behavioral16
- Target
  
  HTV.exe
- Size
  
  473KB
- MD5
  
  17535dddecf8cb1efdba1f1952126547
- SHA1
  
  a862a9a3eb6c201751be1038537522a5281ea6cb
- SHA256
  
  1a3d28ac6359e58aa656f4734f9f36b6c09badadcf9fb900b9b118d90c38a9dd
- SHA512
  
  b4f31b552ab3bb3dafa365aa7a31f58674ae7ee82ce1d23457f2e7047431430b00abb3b5498491725639daf583b526b278a737168cfdc4e9ec796dfbc14a53d8
- SSDEEP
  
  6144:gP/HgQr8z0psVGBJbsvUIvpBSkULIMxEIvs/IV2JN4Xd8Ab:0gQNIGBJ/igkUYItFb
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral17 behavioral18
- Target
  
  qs.html
- Size
  
  1KB
- MD5
  
  40d00fa24b9cc44fbf2d724842808473
- SHA1
  
  c0852aa2fb916c051652a8b2142ffb9d8c7ac87a
- SHA256
  
  35b0f1bb808e1623ad534fbc1e72cea25ac28f71340e9c543f01d1bfdd094035
- SHA512
  
  9eb750e08ca9750988290626ae8ed32a2ecfa7c8ca021b3e26b3da0a94de952b991a9a6a0ad5729d7d5ccf7b3b36fb36fd24047f705d0468ad04908ba8a7154c
Score

3^/10

discovery
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Adds Run key to start application

Checks installed software on the system

Adds Run key to start application

Checks installed software on the system

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20