General

  • Target

    ab96d11e6643d675c853f83753b51c1e_JaffaCakes118

  • Size

    675KB

  • Sample

    241128-jtztqaxjfk

  • MD5

    ab96d11e6643d675c853f83753b51c1e

  • SHA1

    f388ead80109ec4f714d48e841ae9188f89b61ee

  • SHA256

    d9c06711926d23d2c0b85447a75e0b5ba6af0d94afcb79cfb6915c72ada1b135

  • SHA512

    d13b965dae013d6ea2d681c63450fad4c0f18cbd3afac211b84eac3064920f13d3cdd4c4476843cab463195431cb52f7eb99393a227421d8bf89d33488315c95

  • SSDEEP

    12288:fTdED8z8zfnAUU2YgzPo3QL/wkZOrPm9lU9e7NYAg+q:pEuym2YgzPCQLxOrPmlU9SN5Lq

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified variant of it.

MITRE ATT&CK Enterprise v15

Tasks