General

  • Target

    98ec30e388040b2d6d113ba5dc684f74_JaffaCakes118

  • Size

    480KB

  • Sample

    241125-dzgbns1rgj

  • MD5

    98ec30e388040b2d6d113ba5dc684f74

  • SHA1

    60373d7cf902d248eafd0644a8d61cfb38cc2057

  • SHA256

    e1c6967b1f1cb994d746b67bc8baf7c1a683bfbdd18ffd6f44a5f86946a3e1e5

  • SHA512

    5610a25a0ece9e7e906ba20b19faeb1f44ee2dab61c8edc7960a795fd00150ff8579882d08e8fc773b1db39461fb0428176d27793fa5e62b0d381cb218a0c569

  • SSDEEP

    12288:h4+RF04NwAs86Z2+2mjv8UOmDJ7Mmwd/lLAl4ReMLjUHZ3z:O+RaEwd5ZDbjv3Om9ARdLAl4I5D

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory