General

  • Target

    f741fb003c031e03471345563fa76daf_JaffaCakes118

  • Size

    280KB

  • Sample

    240418-eznanaah32

  • MD5

    f741fb003c031e03471345563fa76daf

  • SHA1

    43b03e408949ede146a5f6c8401dcc5d4b9f2df6

  • SHA256

    8dd0b0de7fe028c1c60a10c7439c9900fcaba63836bf7e64eac4d63c1c374547

  • SHA512

    694646134a873638554f39ee44de933b287602e96f3aab4584ff31df021bc04db61eb3e836a70c120bfab28aefe8217ea78c8468ad88092f0c17d3fe3c1ea528

  • SSDEEP

    6144:/G6xj4OMEEtV48sirJmldgZkBR+2kteKCTL4mnJdpJHSBN:/jMtV4zgJsgZ2+25jX4QdpJHUN

Malware Config

Targets

    • Target

      f741fb003c031e03471345563fa76daf_JaffaCakes118

    • Size

      280KB

    • MD5

      f741fb003c031e03471345563fa76daf

    • SHA1

      43b03e408949ede146a5f6c8401dcc5d4b9f2df6

    • SHA256

      8dd0b0de7fe028c1c60a10c7439c9900fcaba63836bf7e64eac4d63c1c374547

    • SHA512

      694646134a873638554f39ee44de933b287602e96f3aab4584ff31df021bc04db61eb3e836a70c120bfab28aefe8217ea78c8468ad88092f0c17d3fe3c1ea528

    • SSDEEP

      6144:/G6xj4OMEEtV48sirJmldgZkBR+2kteKCTL4mnJdpJHSBN:/jMtV4zgJsgZ2+25jX4QdpJHUN

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

Looks up the country code configured in the registry, most likely to geofence execution (run or exit depending on the victim's locale).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
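The signatures above are single observations from the sandbox trace. The following is an added example (not part of the report or the sandbox's own code) showing how a triage script can turn a simplified registry/file/process event timeline into those same signature names and into ATT&CK technique counts. The event shape, the sample paths, the registry locations checked (the Run keys, `HKCU\Control Panel\International\Geo`, and the `Uninstall` subtree) and the signature-to-technique mapping are all assumptions made for illustration; the mapping was chosen so that the counts reproduce the ones in this report's ATT&CK matrix.

```python
"""Triage helper for the behaviours listed above (added example, not part of the report).

Consumes simplified registry/file/process events and maps them to the sandbox's
signature names and to ATT&CK technique IDs. The event shape, the sample paths and
the signature->technique mapping are assumptions made for illustration.
"""
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str    # RegSetValue | RegQuery | FileCreate | ProcessCreate | ImageLoad
    image: str   # process performing the action
    target: str  # registry value path, file path, or image started/loaded


# Constructed sample timeline (not taken from the report), in chronological order.
SAMPLE_EVENTS = [
    Event("FileCreate", r"C:\Users\victim\sample.exe", r"C:\Windows\System32\dropped.exe"),
    Event("FileCreate", r"C:\Users\victim\sample.exe", r"C:\Windows\System32\helper.dll"),
    Event("ProcessCreate", r"C:\Users\victim\sample.exe", r"C:\Windows\System32\dropped.exe"),
    Event("ImageLoad", r"C:\Windows\System32\dropped.exe", r"C:\Windows\System32\helper.dll"),
    Event("RegSetValue", r"C:\Windows\System32\dropped.exe",
          r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\dropped"),
    Event("RegQuery", r"C:\Windows\System32\dropped.exe",
          r"HKCU\Control Panel\International\Geo\Nation"),
    Event("RegQuery", r"C:\Windows\System32\dropped.exe",
          r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\DisplayName"),
    # Benign noise: an Explorer setting read that should match nothing.
    Event("RegQuery", r"C:\Windows\explorer.exe",
          r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden"),
]

# (signature name, event kinds, target pattern, ATT&CK techniques). The technique
# mapping is an assumption chosen to reproduce the counts in this report's matrix.
RULES = [
    ("Adds Run key to start application", {"RegSetValue"},
     re.compile(r"^HK(LM|CU)\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.I),
     ("T1547.001", "T1112")),
    ("Checks computer location settings", {"RegQuery"},
     re.compile(r"^HKCU\\Control Panel\\International\\Geo\\", re.I),
     ("T1012", "T1082")),
    ("Checks installed software on the system", {"RegQuery"},
     re.compile(r"\\CurrentVersion\\Uninstall\\", re.I),
     ("T1012", "T1082")),
    ("Drops file in System32 directory", {"FileCreate"},
     re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I),
     ()),
]


def match_signatures(events):
    """Return {signature: [matching events]} for every single-event rule that fires."""
    hits = {}
    for ev in events:
        for name, kinds, pattern, _ in RULES:
            if ev.kind in kinds and pattern.search(ev.target):
                hits.setdefault(name, []).append(ev)
    return hits


def dropped_payloads(events):
    """Stateful rule: a file the sample wrote that is later started or loaded.

    Returns (signature, event) pairs for 'Executes dropped EXE' and
    'Loads dropped DLL', in timeline order.
    """
    written = set()
    findings = []
    for ev in events:
        if ev.kind == "FileCreate":
            written.add(ev.target.lower())
        elif ev.kind == "ProcessCreate" and ev.target.lower() in written:
            findings.append(("Executes dropped EXE", ev))
        elif ev.kind == "ImageLoad" and ev.target.lower() in written:
            findings.append(("Loads dropped DLL", ev))
    return findings


def technique_counts(hits):
    """Number of fired signatures per ATT&CK technique ID (one count per signature)."""
    by_name = {name: techniques for name, _, _, techniques in RULES}
    counts = Counter()
    for name in hits:
        counts.update(by_name[name])
    return counts


if __name__ == "__main__":
    hits = match_signatures(SAMPLE_EVENTS)
    for name, evs in hits.items():
        print(f"[+] {name}")
        for ev in evs:
            print(f"      {ev.image} -> {ev.target}")
    for name, ev in dropped_payloads(SAMPLE_EVENTS):
        print(f"[+] {name}: {ev.target}")
    for tid, n in sorted(technique_counts(hits).items()):
        print(f"{tid}: {n}")
```

Two things the split into `match_signatures` and `dropped_payloads` makes explicit: "Executes dropped EXE" and "Loads dropped DLL" cannot be decided from one event, they need the earlier file write correlated with the later start or load, while the remaining signatures are pure path matches. When porting this to real telemetry (Sysmon registry, file and process events), keep the benign-noise case in the tests so that ordinary Explorer and locale reads do not light up the location rule.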

MITRE ATT&CK Matrix (ATT&CK v13)

The number after each technique is how many of the signatures above map to it.

Persistence

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Privilege Escalation

  • Boot or Logon Autostart Execution (T1547): 1
  • Registry Run Keys / Startup Folder (T1547.001): 1

Defense Evasion

  • Modify Registry (T1112): 1

Discovery

  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 2

Tasks