General

  • Target

    003558025375eb8f6414cddb77524671_JaffaCakes118

  • Size

    539KB

  • Sample

    240621-3jq9davhqf

  • MD5

    003558025375eb8f6414cddb77524671

  • SHA1

    f8d4e56955e94e3f76e00b3f638de573a521863c

  • SHA256

    446135dda2669baf91c0e8c12154cd409ceb0acd9b1e248bfed2131ca3ce83e9

  • SHA512

    d07e5823ca9b6a3b8cb829b0548b93f0f1ca4a18777bc5a52acd4ef591d9605fddf7a0cefff7f84905b38f56269f2e378a472d7eeddb53c0a73403f5bbc27c50

  • SSDEEP

    12288:kIoieQW8nJf7tjsWFH2Su7ZFyR99XfQtYm6Tq6BD9fXs:4QW8nJf7tjXFHmg9vwe90

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks