General

  • Target

    JaffaCakes118_206d3feff992b73f942faf61a3feb937

  • Size

    389KB

  • Sample

    250124-mca1tavlfq

  • MD5

    206d3feff992b73f942faf61a3feb937

  • SHA1

    2d094207dabd70dca35d1d26ee9482cf3aeda949

  • SHA256

    d84527c17d545b9b10fb4b8bcb7bcc179f6f2d046e928c2cd3ed3940de8ad4df

  • SHA512

    b1d95397bab9347c330404d58d0ca1f39311b75026da9a7ae07bcafa41ea5509c508a72071f4584c2a02ec34a7d872c86a02cf8ae83d91277b7908493de28fcc

  • SSDEEP

    12288:DP6JTxHHaVFoHmr9x70L41wC3OIOeWsr/iJJ3:2xnlHmrf0s1XGePkJ

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks