General

  • Target

    a112e40270437a236bdd9dfcc948a571_JaffaCakes118

  • Size

    1.2MB

  • Sample

    241126-k7hb9svkhw

  • MD5

    a112e40270437a236bdd9dfcc948a571

  • SHA1

    8a986bdf5b0271e563879d322f4cb0cb9baba466

  • SHA256

    1558335060381a3a45cbd49ea18742a4d1f2bb7660905ba07fc01a215cc792d9

  • SHA512

    943099e0d4a2f13437eef1a7b0dcdf72a3b3a7c78d5daaf9882b0433f2b5a06e53964b470b47a0585c2999707cdb663a460515360bbc82af83cdb827f273b48e

  • SSDEEP

    24576:8RWbHmsmKbRL6lzZXgfWDzyMM65tkU3ytel:8AbHmsXRePXgfWDOMjkU3KQ

Malware Config

Targets

    • Target

      a112e40270437a236bdd9dfcc948a571_JaffaCakes118

    • Size

      1.2MB

    • MD5

      a112e40270437a236bdd9dfcc948a571

    • SHA1

      8a986bdf5b0271e563879d322f4cb0cb9baba466

    • SHA256

      1558335060381a3a45cbd49ea18742a4d1f2bb7660905ba07fc01a215cc792d9

    • SHA512

      943099e0d4a2f13437eef1a7b0dcdf72a3b3a7c78d5daaf9882b0433f2b5a06e53964b470b47a0585c2999707cdb663a460515360bbc82af83cdb827f273b48e

    • SSDEEP

      24576:8RWbHmsmKbRL6lzZXgfWDzyMM65tkU3ytel:8AbHmsXRePXgfWDOMjkU3KQ

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Loads dropped DLL

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Target

      /tbu01932/autofill_plugin.dll

    • Size

      244KB

    • MD5

      f43d684c3673aeb364e4549f62cf6a7e

    • SHA1

      eb0448cf354d3b1abe767e80a115e1712734e967

    • SHA256

      ebf969fec0e8c9ab5d2dd1b9a809615e5bbca0437cae20ea50b2925b17f72a97

    • SHA512

      886cc9c778734b939faf9e3202ad8e120adafeba4f9937fc33bbadf723c65bc1c5e1b9070f7ac60d4a9639512282feb08c2d92425fb71e85ddb50ac78013a6df

    • SSDEEP

      3072:sZS8/IJIrTyHqSavFbR2019Y0FO8hSFXWuWKgGZoYVLBeJvgA4QH3Mm:eS8/nGHqnvFbR2o1FdOWuWKNML3x

    • Score

      1/10

    • Target

      /tbu01932/communicomm.dll

    • Size

      1.2MB

    • MD5

      c20c1fd1a46880d06736b43e5ff0062b

    • SHA1

      10161a72c9f25270bc56c09f453e9d8fbb0a3849

    • SHA256

      f711613ee8f75abf45cd3f3b20e57785e69fd709ab3db9890729e9791d4b6be0

    • SHA512

      e47a4f88f1b23a46917eea788544254e45d1168a31f95ed09cbfa7a0b8f8201656bd203765706d4a8ee4616b4cdcc78a4c20485a5dd2f053a14b6ce58494922a

    • SSDEEP

      12288:Cy2CrpbIKCiY+KCK8tGSJ0OEj+2G7uENds0BGQCFhMgKbAZl3bze2q4BAkf1Tm1T:bprK7C3N7lKBQCndAk9y/5OT6CeWoE6

    • Score

      1/10

    • Target

      /tbu01932/scengine.dll

    • Size

      208KB

    • MD5

      6577a80ad844076a70603b44f44ba1e3

    • SHA1

      b5b060fda75a6c95225644f137e1e65cbc10b77e

    • SHA256

      244c821688564bcb683592bd84fbfdd8e8ce54be699d48648f164c029ec66035

    • SHA512

      f4623dfa538fc72b4f739ed8eb054ec6618cfe46784df170c1d7186b3ca6eff6730aeb6bdbd6acf860625ec6a95e73db8164563d215492bd80d8454518bbeac0

    • SSDEEP

      3072:MlE6L/TCiSXHX7LHWpP5rm+q+BNW3wHnzNqGHjoY+Vf8/cJ90uFBdvzES7tz:w7eXrLHWpP5zq+K3w7O9bBd

    • Score

      1/10

    • Target

      /tbu01932/spellchecker_plugin.dll

    • Size

      120KB

    • MD5

      a7e0e5c28cdf9b0822fc33e073552a36

    • SHA1

      0090f0be61ed98e24f5781686f73c5585e344fd8

    • SHA256

      04165d906495ce8b1413cd22cd25aff21bf2b6f7f5ee3a197b24975edd8b073d

    • SHA512

      0fa604a5b563a61ce52ee0d541e5fc9a25c7c4c891ebb4b23f0d3cb9a4c9a98fe0913a42718e744532fae03ee17c241262bcad3f76e386394b96c357c3984400

    • SSDEEP

      3072:FR0Oh7qlpEZRPv/AdduLdIhinRon8v3ln0ONM:w87qTE7PXAdduh5eM

    • Score

      1/10

    • Target

      /tbu01932/spyrem.exe

    • Size

      280KB

    • MD5

      83d5b6f29c5686bce69aa6999f4e074d

    • SHA1

      b98cc07896b1d313e85aa839447d679d86176aba

    • SHA256

      ad5ad2fe1229db247dcdd5b64fe49a588cbdc58d53e840c540cfaf9da53ce0c7

    • SHA512

      5a718249d27380fdb51e1a7b9dc077c4edc528ae4aea2ab12b1a9f8740e61febc8086174195fd2a849b55866a918bc08913fb70f516b286c86b103981772fb9d

    • SSDEEP

      3072:caD1ATqbXt7aMwOCuMAeWAhohG+Ccv1oQT/Hq3R3GJd67ZI:caDmTcZXwRAvGbcvtHAh8dcZ

    • Score

      1/10

    • Target

      /tbu01932/ssceam.tlx

    • Size

      7KB

    • MD5

      77eed4b296856a919e68bc23c57580a6

    • SHA1

      9800e40738eeada502730fcbf8e27e98e38da592

    • SHA256

      924ef798579f1798b9ab6e7492fb3449b81c47b0af47c11c87be14e4dfab41fc

    • SHA512

      37267059dd6232cd9b56333082b02f164b51cfa30296c1870367fad70bb0083848c7da600553de9e5e48536885ed9231fc75618388c460eeb9926307ede60f8b

    • SSDEEP

      192:+SFO45GRBCRI8Uj/jQrt0BNjJh9q1E1fLC8PIhh:fFO45KCRSj203jJhIeQb

    • Score

      1/10

    • Target

      /tbu01932/sscebr.tlx

    • Size

      7KB

    • MD5

      ee5c480aa68de03df03d0c8ef20bbf49

    • SHA1

      968a06ce6362b2611bea5d104148fefc70f64e6a

    • SHA256

      029354cff3194df395eaf2c08d30b75c256c44716c65a12ba6abbdd0910edd15

    • SHA512

      08192820d289e59d1b0b6895ed9cebdf25a62d0a9a689c26c883b83030578e841e785f3032eec6e691976c4a4360727220eae69054f69dd3a4953ce54c19d83f

    • SSDEEP

      192:+SFO4PDGCRCRI8Uj/jQrKRz0BNjJh9q1E1fLC8PIeP:fFO4PD/CRSjH03jJhIeQG

    • Score

      1/10

    • Target

      /tbu01932/tbhelper.dll

    • Size

      372KB

    • MD5

      c4407679a570bef1b0171c93abd61361

    • SHA1

      629eb29ca00268704ee73be12ca281c93f6c5fd9

    • SHA256

      bf07e43e9ac1f11c650235b32e0e048a4f2fcd95c7787b6f61f0028467a4a3a7

    • SHA512

      ee1de941dd9b5574bf15eb80e9d0b5ef552e95bfac249d1240de5bbec70a0b8dde0526ac62286c6f89024ff0fc95d1735c980f6335375de6e58314cda8bdae05

    • SSDEEP

      6144:nMbm+cVHQ+PKkKoiTtKJmN9+h9mGgiht7k7qsHIcgL0J92y3/fkxwX8VmTH5zeH:ne7clKg8tKJmvs9oihK7qsHbgL0b3XOv

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks