General

  • Target

    a6bb566b6812c7511f55acddba84ed3d_JaffaCakes118

  • Size

    1.1MB

  • Sample

    241127-jnm8qsvjfz

  • MD5

    a6bb566b6812c7511f55acddba84ed3d

  • SHA1

    3b0202572557f79336c4fda9fa678747655eec22

  • SHA256

    1a43f2b5d4dd33b2ee8b67fc436d63b6c6f1aeee622ada3ab1c7587436ebfd80

  • SHA512

    334a24a01e94a82d5742cf1d62fc24249d0ed31eabfb31ab66a20fb086e10ac6d1f3bb0cb6f6d6fafc09cb4bf4e1ee60066863deb634f1f29cd3556214017e76

  • SSDEEP

    24576:OzddXvhObfrSV4KOdVHb2UbBBBbnHumHgBn4nuiv6bYFas:Ob/cbaAHbVzu8gl4nuiRF

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks