General

  • Target

    988e5b36a467ca8c19aaf8bc40ac8662_JaffaCakes118

  • Size

    571KB

  • Sample

    241125-cg84asxrdp

  • MD5

    988e5b36a467ca8c19aaf8bc40ac8662

  • SHA1

    2a4f26a93d53954863d7c96510ddffe341a99287

  • SHA256

    f33df27acb75b279b908464410a8c62909b9a816b0f3ff324eef48f53cd44b1d

  • SHA512

    4853f5071d2eebf2eb75260fe060e3598940fb5362ce3d71e25641d816d082b7e639b9eb108a1d46ca68fe898c82240d304b4519bcfbff263dd53ca5967b3fb2

  • SSDEEP

    12288:cRXehTMj0o8CzW0XB89Y1LFZ8KdGutxV1cRnx65yt58KRpkoIaXemr:Dmj0o8YvBaYPZ8KUuPfU8KRpBIaXPr
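
Before working on the file, confirm that it is the sample this report describes: the hash block above is the sample's identity, and analysts frequently end up with a renamed or re-archived copy whose digests differ. The following Python is an added example by the editor, not part of the sandbox report and not code from the Ardamax project; `REPORT_HASHES` carries the values printed above, the byte string in the usage section is a constructed placeholder and therefore fails the check on purpose, and SSDEEP is left out because it needs the third-party `ssdeep` module (`ssdeep.hash()` / `ssdeep.compare()`), which is not assumed to be installed.

```python
import hashlib

# Digest values exactly as listed in the report's General section.
REPORT_HASHES = {
    "md5": "988e5b36a467ca8c19aaf8bc40ac8662",
    "sha1": "2a4f26a93d53954863d7c96510ddffe341a99287",
    "sha256": "f33df27acb75b279b908464410a8c62909b9a816b0f3ff324eef48f53cd44b1d",
    "sha512": "4853f5071d2eebf2eb75260fe060e3598940fb5362ce3d71e25641d816d082b7"
              "e639b9eb108a1d46ca68fe898c82240d304b4519bcfbff263dd53ca5967b3fb2",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_bytes(data: bytes) -> dict:
    """Return hex digests of `data` for every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in ALGORITHMS}


def digest_file(path, chunk_size: int = 1 << 20) -> dict:
    """Hash a file in chunks so a large sample never has to fit in memory."""
    hashers = {algo: hashlib.new(algo) for algo in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def verify(actual: dict, expected: dict = REPORT_HASHES) -> dict:
    """Compare computed digests with the report, case-insensitively.

    Returns {algorithm: True/False}. Every listed algorithm must agree
    before the file can be treated as the reported sample; a single
    mismatch means you are looking at a different file.
    """
    return {
        algo: actual[algo].lower() == expected[algo].lower()
        for algo in ALGORITHMS
    }


def is_reported_sample(data: bytes) -> bool:
    """True only if all four digests match the report."""
    return all(verify(digest_bytes(data)).values())


if __name__ == "__main__":
    # Constructed placeholder, not the malware: the check is expected to fail.
    placeholder = b"MZ this is not the Ardamax sample\n"
    print(verify(digest_bytes(placeholder)))
    print("matches report:", is_reported_sample(placeholder))
```

Run `digest_file("<path to sample>")` and pass the result to `verify()` for a real file; the file is read in chunks, so the same code works for much larger samples than this 571KB one.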

Malware Config

Targets

    • Target

      988e5b36a467ca8c19aaf8bc40ac8662_JaffaCakes118

    • Ardamax

      A commercial Windows keylogger, first seen in 2013 according to this signature, that records keystrokes and is frequently repackaged and dropped by other malware.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Reads the country code configured in the registry (typically HKCU\Control Panel\International\Geo\Nation). This is usually a geofence: the sample may refuse to run its payload in some regions, so a sandbox with a different locale can see different behaviour.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a value under HKCU or HKLM\Software\Microsoft\Windows\CurrentVersion\Run so the keylogger is started again at every logon (persistence).

    • Checks installed software on the system

      Enumerates subkeys of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall (and its WOW6432Node and HKCU equivalents) to list installed software, commonly to detect security products or analysis tools.

    • Drops file in System32 directory

      Writes a file into the Windows System32 directory, which needs administrative rights and lets dropped components blend in with legitimate system files.
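
The behaviours listed above are the ones a host-based detection would look for. The following Python is an added example by the editor, not code from the sandbox or from Ardamax: it runs simple rules for those six signatures over a small set of constructed registry, file, process and image-load events in a Sysmon-like shape. The event layout, the field names, the sample path and the dropped file names are assumptions chosen to be typical, not values taken from this report; the rules also scope themselves to the sample's process tree so that the same registry reads by an unrelated process (explorer.exe in the constructed data) do not fire.

```python
import re

# Constructed events in a Sysmon-like shape: id 1 process create, 7 image
# load, 11 file create, 12 registry key access, 13 registry value set.
# Paths and names are invented for the example, not taken from the report.
SAMPLE_IMAGE = r"C:\Users\u\AppData\Local\Temp\988e5b36.exe"
SAMPLE_EVENTS = [
    {"id": 11, "image": SAMPLE_IMAGE,
     "target": r"C:\Windows\System32\kl.exe"},
    {"id": 13, "image": SAMPLE_IMAGE,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SvcMon",
     "details": r"C:\Windows\System32\kl.exe"},
    {"id": 12, "image": SAMPLE_IMAGE,
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"id": 12, "image": SAMPLE_IMAGE,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1111-2222}"},
    {"id": 1, "image": r"C:\Windows\System32\kl.exe", "parent": SAMPLE_IMAGE},
    {"id": 11, "image": r"C:\Windows\System32\kl.exe",
     "target": r"C:\Windows\System32\kl.dll"},
    {"id": 7, "image": r"C:\Windows\System32\kl.exe",
     "loaded": r"C:\Windows\System32\kl.dll"},
    # Benign noise from an unrelated process: must not produce a hit.
    {"id": 12, "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"id": 1, "image": r"C:\Windows\System32\notepad.exe",
     "parent": r"C:\Windows\explorer.exe"},
]

# Registry and path patterns behind each signature (editor's assumptions).
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
SYSTEM32_DIR = re.compile(r"^C:\\Windows\\System32\\", re.I)


def triage(events, sample_image=SAMPLE_IMAGE):
    """Map signature names to the indices of the events that triggered them.

    Only events produced by the sample or by processes it spawned are
    considered; files written by that tree count as 'dropped'.
    """
    tree = {sample_image.lower()}   # images belonging to the sample's tree
    dropped = set()                 # files written by the tree
    hits = {}

    def hit(name, index):
        hits.setdefault(name, []).append(index)

    for i, ev in enumerate(events):
        img = ev["image"].lower()
        if ev["id"] == 1 and ev.get("parent", "").lower() in tree:
            tree.add(img)                      # child joins the tree
            if img in dropped:
                hit("Executes dropped EXE", i)
            continue
        if img not in tree:
            continue                           # unrelated process, ignore
        target = ev.get("target", "")
        if ev["id"] == 11:
            dropped.add(target.lower())
            if SYSTEM32_DIR.search(target):
                hit("Drops file in System32 directory", i)
        elif ev["id"] == 7 and ev.get("loaded", "").lower() in dropped:
            hit("Loads dropped DLL", i)
        elif ev["id"] in (12, 13):
            if ev["id"] == 13 and RUN_KEY.search(target):
                hit("Adds Run key to start application", i)
            if GEO_KEY.search(target):
                hit("Checks computer location settings", i)
            if UNINSTALL_KEY.search(target):
                hit("Checks installed software on the system", i)
    return hits


if __name__ == "__main__":
    for name, indices in triage(SAMPLE_EVENTS).items():
        print(f"{name}: events {indices}")
```

The scoping by process tree is the part worth keeping when adapting this to real Sysmon or EDR data: the Geo\Nation and Uninstall keys are read constantly by legitimate software, so those two rules are only meaningful in combination with the Run key write and the System32 drop from the same tree.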

MITRE ATT&CK Enterprise v15

Tasks