General

  • Target

    9f86f954eac6b3d681d0cca5006902bf_JaffaCakes118

  • Size

    1.0MB

  • Sample

    241126-dvbwds1qc1

  • MD5

    9f86f954eac6b3d681d0cca5006902bf

  • SHA1

    121baa6cd1713088a4aad05a2df1f337f8399c7b

  • SHA256

    e955528268ea2c049598faf922c2acd83dc53b5579b2a6896d0c5d52067e619a

  • SHA512

    d5af495dfacd252100843da128d09ca63d8eaea1c5d7950aa478c4490edd19c175cc892f9cf6fb9366280bbc1258c267679f439fe8a825389e316d4f50e93014

  • SSDEEP

    24576:W64MVTz+VxRx9xJujv/0X8NK+UueUqF+vtX6xMb8vUVinY:W64MTaZx9Sjv/0sNnFeLQc48C2

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Stops running service(s)

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
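The signatures above are names the sandbox attaches to registry activity it observed. The following script is an added example, not part of this report or of the sandbox's own rule set: it runs the same checks over a list of registry events of the kind Sysmon Event ID 12/13 or a sandbox trace would produce. The event list, the value name "WinUpdate" and the path under C:\Users\Public are constructed for the demo; the registry locations (the Policies\System values DisableRegistryTools and DisableTaskMgr, the CurrentVersion\Run keys, the Nation value under Control Panel\International\Geo, and the CurrentVersion\Uninstall tree) are the standard ones, but it is an assumption that these are exactly what the sandbox matched on for this sample.

```python
"""Map registry events onto the sandbox signature names listed in the report.

All events below are CONSTRUCTED sample data shaped like Sysmon registry events;
they are not taken from the sample's trace.  The registry paths are the usual
locations for each behaviour; treating them as the sandbox's own matching rules
is an assumption.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    op: str          # "SetValue", "QueryValue" or "EnumerateKey"
    key: str         # full key path, hive first (HKCU\... or HKLM\...)
    value: str = ""  # value name, if any
    data: str = ""   # value data as a string, e.g. "DWORD (0x00000001)"


POLICY_SYSTEM = r"SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM"
RUN_KEYS = (r"SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN",
            r"SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE")
UNINSTALL = r"SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL"
GEO_KEY = r"CONTROL PANEL\INTERNATIONAL\GEO"


def _split_key(path: str) -> tuple[str, str]:
    """Return (hive, rest) upper-cased, with long hive names shortened."""
    p = path.replace("/", "\\").strip("\\").upper()
    p = p.replace("HKEY_CURRENT_USER", "HKCU").replace("HKEY_LOCAL_MACHINE", "HKLM")
    hive, _, rest = p.partition("\\")
    return hive, rest


def _dword_is_one(data: str) -> bool:
    """True if the last hex/decimal number in a Sysmon-style data string is 1."""
    nums = re.findall(r"0x[0-9a-fA-F]+|\d+", data)
    if not nums:
        return False
    n = nums[-1]
    return (int(n, 16) if n.lower().startswith("0x") else int(n, 10)) == 1


def classify(ev: RegEvent) -> list[str]:
    """Return the signature names this single event satisfies (possibly none)."""
    hits: list[str] = []
    _hive, rest = _split_key(ev.key)
    val = ev.value.upper()

    # Policies\System DWORDs set to 1 lock the user out of regedit / taskmgr.
    # Writing 0 re-enables them, so that is deliberately not flagged.
    if ev.op == "SetValue" and rest == POLICY_SYSTEM and _dword_is_one(ev.data):
        if val == "DISABLEREGISTRYTOOLS":
            hits.append("Disables RegEdit via registry modification")
        elif val == "DISABLETASKMGR":
            hits.append("Disables Task Manager via registry modification")

    # Any value written under Run/RunOnce is a logon-time autostart.
    if ev.op == "SetValue" and rest in RUN_KEYS:
        hits.append("Adds Run key to start application")

    # Reading the GeoID under Control Panel\International\Geo\Nation.
    if ev.op == "QueryValue" and rest == GEO_KEY and val == "NATION":
        hits.append("Checks computer location settings")

    # Walking the Uninstall tree enumerates installed software.
    if ev.op in ("QueryValue", "EnumerateKey") and rest.startswith(UNINSTALL):
        hits.append("Checks installed software on the system")
    return hits


def scan(events: list[RegEvent]) -> dict[str, list[RegEvent]]:
    """Group events by the signature they triggered; silent events are dropped."""
    report: dict[str, list[RegEvent]] = {}
    for ev in events:
        for name in classify(ev):
            report.setdefault(name, []).append(ev)
    return report


# Constructed sample trace (not from the report): five malicious-looking events,
# one benign Explorer tweak and one event that re-enables Task Manager.
EVENTS = [
    RegEvent("SetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System",
             "DisableRegistryTools", "DWORD (0x00000001)"),
    RegEvent("SetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System",
             "DisableTaskMgr", "DWORD (0x00000001)"),
    RegEvent("SetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
             "WinUpdate", r"C:\Users\Public\svc.exe"),           # hypothetical name/path
    RegEvent("QueryValue", r"HKCU\Control Panel\International\Geo", "Nation"),
    RegEvent("EnumerateKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    RegEvent("SetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
             "Hidden", "DWORD (0x00000001)"),                    # benign, must not fire
    RegEvent("SetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System",
             "DisableTaskMgr", "DWORD (0x00000000)"),             # re-enable, must not fire
]

if __name__ == "__main__":
    for name, evs in scan(EVENTS).items():
        print(f"{name}: {len(evs)} event(s)")
```

For a live host the same `classify` logic can be fed from Sysmon registry events (Event IDs 12 and 13) or from a sandbox's registry trace; only the hive normalisation in `_split_key` needs adjusting if the source writes `HKU\<SID>` instead of `HKCU`.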
