General

  • Target

    a19e628b0b6983b11d119bd3f612cce0_JaffaCakes118

  • Size

    501KB

  • Sample

    241126-nfbl7aynas

  • MD5

    a19e628b0b6983b11d119bd3f612cce0

  • SHA1

    f52e3720662036fbfd2e1c181d688e1ebaf316df

  • SHA256

    5229baea0cc6ef10faa54de3fa6688641ac8ccb6273906ec5c0e1436a005d958

  • SHA512

    aa57128a8d2d1687bce1b527892fa0f281fa5f96303e254b470c86b173084dee943fc1923e89d8e78eaf1fa7fd0fcdc3d32fd14d1ff9a25ef6af9c613c3de980

  • SSDEEP

    12288:29Ecfo8ivd+L3TT6S19c+7G5ybqmVUeSwEql2PXj9:tCiV+L3TT689cqGK3aqlyZ

Malware Config

Targets

    • Target

      a19e628b0b6983b11d119bd3f612cce0_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to list the software installed on the system.

    • Drops file in System32 directory
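
The signature list above describes a behaviour chain (geofence lookup, software enumeration, drop into System32, Run-key persistence, execution of the dropped EXE and loading of the dropped DLL) that is easy to lose when a report is reduced to hashes. The following Python is an added example, not part of the sandbox report or of any Triage tooling: it matches an in-memory file against the report's digests and replays constructed Sysmon-style events through a small re-implementation of each listed signature, worded exactly as in the report. The event shape, the process and file names, and the registry keys used for the country-code check are assumptions (the report does not name the key it reads); only the hash values come from the page.

```python
"""Replay the behaviours listed in the Ardamax sandbox report against
constructed telemetry, and match file digests against the report's IOCs.

Added example; not part of the sandbox report. Event shape, process and
file names are assumptions; only the hashes come from the report."""
import hashlib
import re
from typing import Iterable

# Digests copied from the report above.
IOC_HASHES = {
    "md5": "a19e628b0b6983b11d119bd3f612cce0",
    "sha1": "f52e3720662036fbfd2e1c181d688e1ebaf316df",
    "sha256": "5229baea0cc6ef10faa54de3fa6688641ac8ccb6273906ec5c0e1436a005d958",
    "sha512": "aa57128a8d2d1687bce1b527892fa0f281fa5f96303e254b470c86b173084dee"
              "943fc1923e89d8e78eaf1fa7fd0fcdc3d32fd14d1ff9a25ef6af9c613c3de980",
}


def digests(data: bytes) -> dict[str, str]:
    """Compute every digest the report lists for an in-memory file."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def ioc_hash_match(data: bytes) -> list[str]:
    """Names of the digests that match the report's IOCs (empty = no match)."""
    return [algo for algo, got in digests(data).items() if got == IOC_HASHES[algo]]


# Registry/file patterns behind the report's signatures. Matching is
# case-insensitive because Windows paths and key names are.
RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\", re.I)
UNINSTALL_KEY = re.compile(
    r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\uninstall", re.I)
# Assumption: the report does not name the key it reads for the country code;
# these are the usual sources of the configured location.
GEO_KEY = re.compile(r"\\control panel\\international\\(geo\\nation|scountry)$", re.I)
SYSTEM32 = re.compile(r"^c:\\windows\\system32\\", re.I)
WINDOWS_DIR = re.compile(r"^c:\\windows\\", re.I)


def replay(events: Iterable[dict]) -> dict[str, list[str]]:
    """Map each fired signature name (as worded in the report) to its evidence.

    Each event is a dict with "type" (file_write, reg_set, reg_query,
    proc_create, image_load), "process" (image path of the acting process)
    and "path" (file path or registry key); reg_set also carries "value".
    """
    hits: dict[str, list[str]] = {}
    dropped: set[str] = set()   # files written during the run, lower-cased

    def hit(signature: str, evidence: str) -> None:
        hits.setdefault(signature, []).append(evidence)

    for ev in events:
        kind, proc, path = ev["type"], ev["process"], ev["path"]
        if kind == "file_write":
            dropped.add(path.lower())
            # A write into System32 by something that does not itself live
            # under C:\Windows is the suspicious case; system services are ignored.
            if SYSTEM32.search(path) and not WINDOWS_DIR.search(proc):
                hit("Drops file in System32 directory", f"{proc} -> {path}")
        elif kind == "reg_set" and RUN_KEY.search(path):
            hit("Adds Run key to start application", f"{path} = {ev.get('value')}")
        elif kind == "reg_query":
            if UNINSTALL_KEY.search(path):
                hit("Checks installed software on the system", path)
            if GEO_KEY.search(path):
                hit("Checks computer location settings", path)
        elif kind == "proc_create" and path.lower() in dropped:
            hit("Executes dropped EXE", path)
        elif kind == "image_load" and path.lower() in dropped:
            hit("Loads dropped DLL", path)
    return hits


# Constructed telemetry approximating the report's behaviour chain.
# Process, directory and file names are hypothetical.
SAMPLE = r"C:\Users\lab\Desktop\sample.exe"
DROPPED_EXE = r"C:\Windows\System32\sysagent\agent.exe"
DROPPED_DLL = r"C:\Windows\System32\sysagent\hook.dll"
SAMPLE_EVENTS = [
    {"type": "reg_query", "process": SAMPLE,
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "reg_query", "process": SAMPLE,
     "path": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"type": "file_write", "process": SAMPLE, "path": DROPPED_EXE},
    {"type": "file_write", "process": SAMPLE, "path": DROPPED_DLL},
    {"type": "reg_set", "process": SAMPLE, "value": DROPPED_EXE,
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Agent"},
    {"type": "proc_create", "process": SAMPLE, "path": DROPPED_EXE},
    {"type": "image_load", "process": DROPPED_EXE, "path": DROPPED_DLL},
    # Benign noise: a system service writing under System32 must not fire.
    {"type": "file_write", "process": r"C:\Windows\System32\svchost.exe",
     "path": r"C:\Windows\System32\LogFiles\service.log"},
]

if __name__ == "__main__":
    for signature, evidence in replay(SAMPLE_EVENTS).items():
        print(signature)
        for line in evidence:
            print("   ", line)
```

Two design points worth noting when turning this into a real detection: the System32 drop rule deliberately ignores writers that themselves live under C:\Windows, which is what keeps service log writes quiet but would also miss a dropper that first copies itself into the Windows directory; and "Executes dropped EXE" and "Loads dropped DLL" are stateful, so they only fire when the write event is seen before the execute or load event, which is why the replay must consume events in timestamp order.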

MITRE ATT&CK Enterprise v15

Tasks