General

  • Target

    9cd793b2589f1f961bd32df45e261b3b_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241125-vsxhratnfm

  • MD5

    9cd793b2589f1f961bd32df45e261b3b

  • SHA1

    1a3ed9b70f9a24a09d8b5a0d1bc5b360ae739fe4

  • SHA256

    ce1d50b440c3ecfe3be4c8482811d9d949b7f8b8cb71cab0ba11f3f9c0537895

  • SHA512

    2256934e8c6cea84e0d4d5578c5734ddb5979a0fe69d268620a4f5b8887bb754e597585990b06de381506f83b05420261a4fb62182fec3830e601418e74eb23b

  • SSDEEP

    24576:jGaUTAAvOEg2q4fP1aBF4EW4l3M236cTltOdvacxfOxqIMvAjWWGdkczBTJCimwm:jGrTAAv3g2q4Fs396cSdycxfzIMEWzz2

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks