General

  • Target

    d5de340019d8687637ad99a160f19b69_JaffaCakes118

  • Size

    169KB

  • Sample

    241208-h4nnrs1rdq

  • MD5

    d5de340019d8687637ad99a160f19b69

  • SHA1

    4daa9e192d7f822b0d69e6c205bb68cb35b5fc7f

  • SHA256

    eb1e406d4298da84b08caee6c2043a581e050d5273fe2f0316500cef44f7e9bc

  • SHA512

    849bb2b33d5193afba408a237c18e60bd0a30a1ef500c0031b0435c4eb552ff69d200f298e39fe223e7de0f347f79c52b6237482d8f4898720f540bc6e221ce7

  • SSDEEP

    3072:JCNmpyGimw1HinXctHBfa6iAiRfAv/Go7l9zRuptV5B:WmpyGk1HmstHJa6ouOcNRwtfB

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
