General

  • Target

    96831387f82a4191383b9c5211eab1ec_JaffaCakes118

  • Size

    505KB

  • Sample

    241124-xbrbhszjbp

  • MD5

    96831387f82a4191383b9c5211eab1ec

  • SHA1

    2cfbe2fdefe24675266770f9036d943995b4a1ad

  • SHA256

    a21f2df9470ced61a5c5498e318f10382c007d9cb89e2c2adafc614ce416815d

  • SHA512

    c14b74e7725a1935b0566096e3033d47f4c144d20ef6e29d3f307723d571be78ad5abce7a0ab61fe5ce4fe41e2cdd31eaf5dc2d87a2f65a0c77b73a8810a97cd

  • SSDEEP

    12288:gRkGN6byn4pdc2oZ6tqMhan23FfIl82mWRO8UcRCFRzXFP+:QN6by4sZOquO23Fw+2m+O8UcARTw

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks