General

  • Target

    a2a5e09f8ab3e116a51e1e6b968e1ec9_JaffaCakes118

  • Size

    494KB

  • Sample

    241126-snjd8awqat

  • MD5

    a2a5e09f8ab3e116a51e1e6b968e1ec9

  • SHA1

    3df06912a734a1a883b558e926ac478499be59aa

  • SHA256

    ce3a44c2e4e03c465ea022d6b8b28b680088d0dcf899934da94da894eae42750

  • SHA512

    23f39124321faf71830823051c7ccda43332dc05cd5a11244e98ae5dc157ac129335e72bf42b2b5e450f61472c6917d5b8e6d520148ef8b00ded6b4c75655028

  • SSDEEP

    12288:RbezHjnVySxaWOIxZESa4NbZEAahLn53xWQc6qt9N:wntZrxJa4nol3xWQc6qtz

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15