General

  • Target: ac9a385ed349751e547ee50af45aa349_JaffaCakes118

  • Size: 599KB

  • Sample: 241128-rjc6zawjar

  • MD5: ac9a385ed349751e547ee50af45aa349

  • SHA1: 36396fe242269825f3ad73f0254bc542ec71fc95

  • SHA256: df960a52ca77f69ceded3d6767a7d99cfcb96678a975179ba149a935124345d4

  • SHA512: ebb500f3c7b11a9cd795488ee8100e6076eeeedad13d282d9bce162fe21e40d3bd0407cdf8bb1b88d6360727db40526d72c7d45785aaa41ddebe8187e32aea66

  • SSDEEP: 12288:IuPZTkZz7IaD2IbjUTOSm4l0Ht1D1ViKCeKR7FXwdLGP2O9N3:IoZS7IaDffUT5m4l0Ht1DjjKPRPnN3

Malware Config

Targets

    • Target: Install.exe

    • Size: 623KB

    • MD5: a6a6d117db896ef94a55b8447f042287

    • SHA1: 3054359e47098a2486cabd3497651e097a416fdc

    • SHA256: e13df26ff6cec13b9214d5913866a97f92b12993453452040239a8503c5ebd2a

    • SHA512: 057279dada7162565d9dd72c0e1be121b9aa97f753f9eccc5e20381c599b43fc35b746b2c549c46341396449e79ed36dbee40264b977065f72ba7943fd6ec8cb

    • SSDEEP: 12288:2EE2KG1pyiwMW8MVzoAbSvK4QL9QSnDE5R691w6MIAtaAnWkgeCb3bEn2zBPpnsc:C2VjwMqVzEC4cE5Raw6MIAEAWkNCg8gc

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks