General

  • Target

    a8342800e4558d5cffa84627bea5c12b_JaffaCakes118

  • Size

    899KB

  • Sample

    241127-rfjvcasqgp

  • MD5

    a8342800e4558d5cffa84627bea5c12b

  • SHA1

    3771e9d8933fd9e3e65b533f528c239031e603b8

  • SHA256

    156591b9f7812e7210e21e81bb201a74eea43243cf33726f9d778eb29e7de881

  • SHA512

    d4284a2c1fafcdde648541e1606ac2785812eac9a26a68d71e3183d2407f46d7b91bcc7da760563ca542ea0f30282710bd3cfe309c091149c72906299b3a1428

  • SSDEEP

    24576:Mk/ATDbn6fjlV2wwggxe83DGes1kKA1Sl:VoTH6fjVLg4gV0

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks