General

  • Target

    013297490bd66660c23772df1c8ed3c3_JaffaCakes118

  • Size

    527KB

  • Sample

    240622-erlf4axdkf

  • MD5

    013297490bd66660c23772df1c8ed3c3

  • SHA1

    ec0e8427e9f782d74c6a117c45a8087a5dc4fda8

  • SHA256

    22a38132de3e3d09ca17097270087da4855dc78e47032933f4ade720886887b0

  • SHA512

    e0fd3029e9ff328488de3252b9d11c0816f64504cc10d49b9545f63de64e0e9bc1b556713b861fa3f49dd0a436eb9b365b9818748ecb20d14a203909ddcf0cd5

  • SSDEEP

    12288:FIp+rzdTuSjog58qnbvaurcIddZh2bCAHdZjmEYNJC+bhqANzvj2154:e+rkScXqbv3ddZS99zYzC+bhba1a

Targets

    • Target

      013297490bd66660c23772df1c8ed3c3_JaffaCakes118

    • Ardamax

      A commercial keylogger, first seen in 2013.

    • Ardamax main executable

      A dropped binary is identified as the main Ardamax Keylogger executable.

    • Checks computer location settings

      Reads the country code configured in the registry (the system locale). Malware commonly uses this as a geofence, refusing to run on machines in particular countries.

    • Executes dropped EXE

      An executable written to disk by the sample is started as a new process.

    • Loads dropped DLL

      A DLL written to disk by the sample is loaded into a process.

    • Adds Run key to start application

      Persistence: a value is written under a CurrentVersion\Run key so the application starts again at the next logon.

    • Drops file in System32 directory

      The sample writes files into the Windows System32 directory, where dropped files blend in with legitimate system binaries.
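
The behaviours flagged above can be correlated from host telemetry rather than only from a sandbox. The Python script below is an added example, not part of this report and not Ardamax's code: it runs Sysmon-style event records through the same checks, flagging a file written under System32, a dropped file that is later started as a process or loaded as a DLL, and a value set under a CurrentVersion\Run key that points at a dropped file. The event records, the victim paths and the `Install\klg.exe` / `klg.dll` file names are constructed for the example and are not taken from the sandbox run.

```python
"""Correlate drop / execute / persist behaviours over Sysmon-like events.

Added example. Event records below are constructed, not from the report.
Event IDs follow Sysmon: 1 process create, 7 image load, 11 file create,
13 registry value set.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

SYSTEM32 = "c:\\windows\\system32\\"
RUN_KEY_MARKERS = (
    "\\software\\microsoft\\windows\\currentversion\\run\\",
    "\\software\\microsoft\\windows\\currentversion\\runonce\\",
)


@dataclass(frozen=True)
class Event:
    """Minimal Sysmon-like record (constructed for this example)."""
    event_id: int      # 1, 7, 11 or 13 as described above
    image: str         # process that performed the action
    target: str        # new process image / loaded module / created file / registry value path
    details: str = ""  # registry value data (event 13 only)


def _norm(path: str) -> str:
    """Case-fold and strip surrounding quotes so paths compare reliably."""
    return path.strip().strip('"').lower()


def analyze(events: List[Event]) -> List[Tuple[str, str]]:
    """Return (signature name, artefact) findings in the order they are seen."""
    dropped: Dict[str, str] = {}   # file written -> process that wrote it
    findings: List[Tuple[str, str]] = []
    for ev in events:
        actor, target = _norm(ev.image), _norm(ev.target)
        if ev.event_id == 11:
            # Remember every file the monitored processes create; a later
            # execute/load of that path is the "dropped" behaviour.
            dropped[target] = actor
            if target.startswith(SYSTEM32):
                findings.append(("Drops file in System32 directory", target))
        elif ev.event_id == 1 and target in dropped:
            findings.append(("Executes dropped EXE", target))
        elif ev.event_id == 7 and target in dropped and target.endswith(".dll"):
            findings.append(("Loads dropped DLL", target))
        elif ev.event_id == 13 and any(m in target for m in RUN_KEY_MARKERS):
            findings.append(("Adds Run key to start application", target))
            if _norm(ev.details) in dropped:
                findings.append(("Run key points to dropped file", _norm(ev.details)))
    return findings


# Constructed event stream: a sample drops an EXE and a DLL into System32,
# persists via HKCU\...\Run, runs the dropped EXE, which loads the DLL.
# Two benign events are mixed in and must not produce findings.
SAMPLE = r"C:\Users\victim\Downloads\sample.exe"
DROPPED_EXE = r"C:\Windows\System32\Install\klg.exe"   # hypothetical name
DROPPED_DLL = r"C:\Windows\System32\Install\klg.dll"   # hypothetical name
SAMPLE_EVENTS = [
    Event(1, r"C:\Windows\explorer.exe", SAMPLE),
    Event(11, r"C:\Windows\explorer.exe", r"C:\Users\victim\Documents\notes.txt"),
    Event(11, SAMPLE, DROPPED_EXE),
    Event(11, SAMPLE, DROPPED_DLL),
    Event(13, SAMPLE, r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\klg",
          '"' + DROPPED_EXE + '"'),
    Event(1, SAMPLE, DROPPED_EXE),
    Event(1, r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe"),
    Event(7, DROPPED_EXE, DROPPED_DLL),
]


if __name__ == "__main__":
    for name, artefact in analyze(SAMPLE_EVENTS):
        print(f"{name}: {artefact}")
```

Registry reads, such as the country-code lookup behind "Checks computer location settings", are not logged by Sysmon (it records value sets, key creates and deletes), so that behaviour needs API-level monitoring or a sandbox rather than this correlation.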
