General

  • Target

    0b2a0f61a209e24a7d7b2c2d5efb4d68_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240624-249qsazgnq

  • MD5

    0b2a0f61a209e24a7d7b2c2d5efb4d68

  • SHA1

    e30c8003ae6133e7a0b477a7342a2de3ddf97c24

  • SHA256

    e889f3b105b1d83f29865201a20712aad394018c90a2b00a84aa1af5d33625aa

  • SHA512

    1476d3128351a09897052ac12bfabb879643ea3574977ad440a11d171a184e0a68da832152ba9b1406090da91fe7d55e2515afbb635108c12e1193bb32e26120

  • SSDEEP

    24576:XZxTKuLdOKyUOIot1JvKh8my39u9DhlO7XKUOOh3mreks:XXT7dOKyU2t1Jv39u9DhlO76UOW4

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks