General

  • Target

    01fa9659c62b4699985188ae80d7fa2d_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240622-nwk6kawhkf

  • MD5

    01fa9659c62b4699985188ae80d7fa2d

  • SHA1

    108567610e0269ba4967f61727bc3f6baaa95d18

  • SHA256

    f29ffa23837325af7c6c565da10d7231a14a030ce6c73abf8cffd53812643730

  • SHA512

    82729990c9e2240a37b5f8f1d0e33959b4223cc67f80f38b83a94b92208eb16d357f95cd3a14a3adfafc705b5414dff2e6303f9269a7280f8790c7986e4cef5d

  • SSDEEP

    24576:DU4oTndS4v35MDkkN9hBdwKXoNdG/WgzsP5ybVte+Prf+6WzGqu7I:DULTnI4P5MaUiQB7rW6Wzm

Targets

    • Target

      01fa9659c62b4699985188ae80d7fa2d_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks