General

  • Target

    4a950b75ed4d8baa69281d686e463177_JaffaCakes118

  • Size

    2.9MB

  • Sample

    241016-acw7tstdkb

  • MD5

    4a950b75ed4d8baa69281d686e463177

  • SHA1

    6e8cc0487db34178dc03a98245d894b9c8365001

  • SHA256

    b9a28427e934a87b5500fce3e92ecd5409888f0790e00c1b4357bf3651383251

  • SHA512

    576aa68f5fb19e707816ba3545293c7a4d4513b37a3b3e3e3a70f4f4ccbc5b5ebc2c971d741d9ea7ae5a124add3bfd30dd98929396221a6923c49ca00334bbef

  • SSDEEP

    49152:Z0pTSXFZrHv3a72MCL6uI1ZHAN2MFECg9eyXinZAHpvzaXUfLvrXRRZC6iGU+:ZHFxeC1qrMOR9eyX74UfLzhfiGv

Malware Config

Targets

    • Target

      4a950b75ed4d8baa69281d686e463177_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks