General

  • Target

    a0414ea0f21387ab4f6a5ab5cfa8c3d4_JaffaCakes118

  • Size

    769KB

  • Sample

    241126-gxftxaykfx

  • MD5

    a0414ea0f21387ab4f6a5ab5cfa8c3d4

  • SHA1

    64604bacdd217011fac23abf60404f04cd1379ad

  • SHA256

    a9512fa7fe0e7cd53e2612cef370f1bb5e62485864cfc7a9d3c39270ace97fd0

  • SHA512

    861896c1194a5806b8f387813e0380e0f722294801959ab5b653261c1167a0a2679247bea46412b14ebf1eafec54b8e19591d19ad0b242ed8344e2ee95a3b744

  • SSDEEP

    12288:OlQD3uWAOGfYvjHendWVUf3DT6Xp4juCdiGeOtJ76vSYli+9xmjxUSL2OIhzu:OEbHedPHgKD0GNJmpHxmjxfazu

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks