General

  • Target

    2621111710e0b9a2cb46c69be7af6854_JaffaCakes118

  • Size

    622KB

  • Sample

    241008-1y7hsswalh

  • MD5

    2621111710e0b9a2cb46c69be7af6854

  • SHA1

    7dc4c7ef5122e8ba1f42b77ea9891e102e53df32

  • SHA256

    c11c5c083b2585701fd3aba7908579684e5dd5777b7f6aa0ee2f4d513edff00e

  • SHA512

    dd700a1c294373a93a1458e635c3f8c5dcd8a204f5552ec0a6677afb15f9238aa13bbc68a851992c1fb07ea571a398adfcabe21374c42d07c5f642a13317ef1e

  • SSDEEP

    12288:Z9uKKaBxbyHDmxwtqeRYlnkWsp3eWfB4kEsx93LTRtbMVoXqyeN2gC:iKpr1yt7RYFLsp3fEuHRNXqy43C

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
