General

  • Target: f9747204ad8be4f83034a17715afcd2e_JaffaCakes118
  • Size: 1.3MB
  • Sample: 240419-ej6r3ahb2y
  • MD5: f9747204ad8be4f83034a17715afcd2e
  • SHA1: 964c5577fe96cc280f325e632134f26a0f567ec8
  • SHA256: 14f451b48b16c362c84da734d2874f438642667ff06d1ea628de8856f91f07be
  • SHA512: 45ac450fb0c6af01e186493c3ef7c5e98d277f3a9bae5e0a82d9e6387927411dbaba15b41d3bb0c05e453fb4acede9c8f7c7a277773b3958fc566519d06c0433
  • SSDEEP: 24576:bvUgJYfxUcAeGfnQgz4hfi0BMGKumjllSsdCQJfqkkmFRj+JJsQ/HmO:bvUBnpy5sK0BfKdjCssQJykVFZmuQ/R

Targets

    • Target: AUTO ESTAGUE HOY 15-02-2011.exe
    • Size: 1.1MB
    • MD5: 181770f32750877d12446b94011248c2
    • SHA1: 46b757a6411033ec54fdff579e871dfd14380929
    • SHA256: 0f1bc46d08cb9cd5cc849b7fe25c6f4c2188def95feb12d51c2f83567367e3ab
    • SHA512: 3c64a1ab4b2818a288f9fd898fcc7383720b239d67a91442f0d6df850722336960630fa5df1429724ae1162070415184a25c56740c621d3abd3a5d59a30883d9
    • SSDEEP: 24576:uHvZT7DXBBaqBbuZhBkOS1rc5G71hexAYUIcXCWfCim+39lclHB3B:eBT7rLaqQz7Q/XvLm+NlEh

    • Ardamax: A keylogger first seen in 2013.
    • Ardamax main executable
    • Checks computer location settings: Looks up the country code configured in the registry, likely a geofence check.
    • Executes dropped EXE
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory

    • Target: BouncyMelon2.DLL
    • Size: 219KB
    • MD5: d5bce1333c34cffe879288f6452487d0
    • SHA1: e52b0b39fe3e8a4c705388bd8cee7cb3ceef3765
    • SHA256: 9b518c224ccb73f7bbcabb8889032997e7b78ceb3bfd13a48194011f99c0616b
    • SHA512: 0e4b4491c14930d3ccd0b32ba7d8dc97379211bf04e937cf36fcbf0c7391574860f730415dbc659e6536ac53758d1e69e955e9e3653b0bc3841749e9414efda5
    • SSDEEP: 6144:3CeLxiFrCq3MOqh/G5LE9G2tehangvp2RJQ4OJ:1YMOqCE98Qgp2RJOJ

    Score: 7/10
    • UPX packed file: Detects executables packed with the UPX open-source packer or a modified UPX.

    • Target: ogg.dll
    • Size: 29KB
    • MD5: df5ed5803543362e442a53dab6a71aab
    • SHA1: b40fae87a2beafb2ae374781f433417cf276f569
    • SHA256: 7dbb2d8b390d53c68ae9e9841b75cebac3817f58d28dd47d533543c4158753f9
    • SHA512: 11e49268f7c77114c577b312e1c74399258807b812c8dca6980941ac7ddd259601f01ca571010feacf483dd934334ecb429132b7f7d3753f01b5d1798bb1c8f3
    • SSDEEP: 96:cYc/7r+lyhwRFhWGhlJta9quv2HtZS5IED2q+WUTDMcLrQxXiDG9icgR2pRPbO:cpFsFhW01ag13WUTHLqh9i15

    Score: 7/10
    • UPX packed file: Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Matrix (ATT&CK v13)

  Persistence
    • T1547 Boot or Logon Autostart Execution: 1
    • T1547.001 Registry Run Keys / Startup Folder: 1

  Privilege Escalation
    • T1547 Boot or Logon Autostart Execution: 1
    • T1547.001 Registry Run Keys / Startup Folder: 1

  Defense Evasion
    • T1112 Modify Registry: 1

  Discovery
    • T1012 Query Registry: 1
    • T1082 System Information Discovery: 2
