General

  • Target

    08274e04794c36866666a266901fcf81_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240624-m8lgesyerh

  • MD5

    08274e04794c36866666a266901fcf81

  • SHA1

    f04379595ff44da6d67ccab2e436b78d9121aabd

  • SHA256

    7b76ed12353d052dbae9cb592f2791e3b85e4a88363037ca622e5da838595161

  • SHA512

    9b2dd16f384c80d76230f5b57b9ff60fc47a3d9aa04b490cbae8b700982acd7c6ea4b771d6c0a0252d9a7cb6568d5d5cb8cbd48c7fc25c29c02236c3506651bf

  • SSDEEP

    24576:0HvZTDxZ2I+vFYMzAXMohyKr7wyXkFqLIOBnLo4WRY/DmgE346EzbMQbPF:8BTb2I+2iAXPQs7wakFqc2nLEgdEzHY

Targets

    • Target

      08274e04794c36866666a266901fcf81_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
