General

  • Target

    bad745f177f89f4013b079c0178eab62_JaffaCakes118

  • Size

    789KB

  • Sample

    241203-ajvbtazmht

  • MD5

    bad745f177f89f4013b079c0178eab62

  • SHA1

    0e724b22d574f11008170a4e4c3767ca01a17922

  • SHA256

    e2e50c459c2bf682f4aa695dfd1d531753ea9f3b25368227f9f5e954708634c2

  • SHA512

    6c0bdc5451cdbd6476bcd52d216ab4356a24ef62d2f9c3fe83ba13dfd132973aebe5862c524a3bd5e602b8d82920ea886fdc4ba875fcebafdf737f4d1700d22e

  • SSDEEP

    24576:du0UDwcQqxpEjIO3ddsHQXCqJTBCnQGatpxz:durccO5pJTB/Rpxz

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks