General

  • Target

    081f71ce39d735bdba03b9203ac4bf5b_JaffaCakes118

  • Size

    496KB

  • Sample

    240624-m4zs9aydme

  • MD5

    081f71ce39d735bdba03b9203ac4bf5b

  • SHA1

    9229a966d9897e442f07afe4afd1596ecd94476d

  • SHA256

    423ba8bb085cd72a79488432ca0da175011943bc065b0f999fd2f733820ffdf9

  • SHA512

    ea20b2e5a0e79b199b06a3adedaf79fb5bc4630d734ff6c5dfeaaef92fc50fc4782f2418ba16255ffd01b98f9dfdcfa293530d1732e666adb5559b6539b221ed

  • SSDEEP

    12288:+R2papuBaEBTuHqmDMOXihpQZYwrKxRnwoHBDHawEnkEIbzRYfQ5:spGBCKm+h2sJhHAnkEiYfQ5

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
