General

  • Target

    b969cf5c984dc4f73b7d5f5bc728e434_JaffaCakes118

  • Size

    419KB

  • Sample

    241202-waklxavla1

  • MD5

    b969cf5c984dc4f73b7d5f5bc728e434

  • SHA1

    6a94c90c918028f94a3b0079f69e9ef93c786946

  • SHA256

    ed6d20f76b6a57ebbc6d44027750c691eca7f3d09d981944ffa3b7154b537cc8

  • SHA512

    43c6737429522ddbf5d48a8b6f06ea977be64e3c8346e142d0b1ec8b9053e436d877040e1f1db3c8c8bf1f106a2ad85fdddf759f80f285c473631d7e5c5d9fd0

  • SSDEEP

    12288:HrzyIzIGSRYMM0zVZakM+nczLi81SVGj65+JHk:6IzZ6YPkT6i8wv8Hk

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks