General

  • Target

    08d5fc5ef824af296fc8b6620d71966d_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240624-qxdh8avckf

  • MD5

    08d5fc5ef824af296fc8b6620d71966d

  • SHA1

    d98777a2839268ad24f04d88ed9f91f2e703c517

  • SHA256

    587adcea05d4914bcfd81a66b32dcf1ec79ee36e5198132acda2c88233803caf

  • SHA512

    1107881da569112987a2f0cfa34047f69ef3134551fb508c86b7a87cbc7b79c996b7fcc0512c8a0ba5138549a4ae37e507ae2f0fd7567013e2a6942ff3140cb9

  • SSDEEP

    24576:fHvZT/kzehr3y0UPtY9k+GKJvWbpl2mjqV2mkHBG2Ivr+2hAxpCUE74+rzSndX+:/BT/TbilYm+JOpcA02mkhG2Ir+2hAXC4

Malware Config

Targets

    • Target

      08d5fc5ef824af296fc8b6620d71966d_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence so the keylogger only runs in selected regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
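
The behaviours flagged above (registry lookup of the configured country, file drops under System32, execution of a dropped EXE, load of a dropped DLL, Run-key persistence) are each a simple correlation over the event stream a sandbox or EDR records. The following is an added example, not code from the Triage report or from Ardamax, that reproduces those checks over a constructed, Sysmon-like event list. The event schema, the registry paths used for the country-code lookup, and every file path in the sample data are assumptions made for illustration.

```python
"""
Added example (not part of the sandbox report): behavioural checks that
mirror the five signatures listed for this sample, evaluated over a
constructed list of sandbox-style events.

Assumptions (not from the report): each event is a dict with an "op" of
process | file_write | image_load | reg_set | reg_query; the registry
paths used for the location check and all sample paths are constructed.
"""
from collections import defaultdict

# Autostart locations checked for the "Adds Run key" signature.
RUN_KEYS = (
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runonce",
)
# Values a program reads to learn the configured country (assumed paths).
GEO_KEYS = (
    r"control panel\international\geo\nation",
    r"control panel\international\locale",
)
SYSTEM32 = "\\windows\\system32\\"


def _norm(path: str) -> str:
    """Lower-case and use backslashes so comparisons are case/separator-insensitive."""
    return path.replace("/", "\\").lower()


def evaluate(events):
    """Return {signature name: [evidence, ...]} for the behaviours observed.

    Events must be in chronological order: a file counts as "dropped" only
    once a write to it has been seen, so executing or loading it afterwards
    is what triggers the dropped-EXE / dropped-DLL signatures.
    """
    dropped = set()           # paths written by the monitored process tree
    hits = defaultdict(list)
    for ev in events:
        op = ev["op"]
        if op == "file_write":
            path = _norm(ev["path"])
            dropped.add(path)
            if SYSTEM32 in path:
                hits["Drops file in System32 directory"].append(path)
        elif op == "process":
            image = _norm(ev["image"])
            if image in dropped:
                hits["Executes dropped EXE"].append(image)
        elif op == "image_load":
            image = _norm(ev["image"])
            if image in dropped and image.endswith(".dll"):
                hits["Loads dropped DLL"].append(image)
        elif op == "reg_set":
            key = _norm(ev["key"])
            if any(key.endswith(rk) for rk in RUN_KEYS):
                hits["Adds Run key to start application"].append(
                    f"{ev['key']}\\{ev['value']} = {ev['data']}")
        elif op == "reg_query":
            key = _norm(ev["key"])
            if any(key.endswith(gk) for gk in GEO_KEYS):
                hits["Checks computer location settings"].append(ev["key"])
    return dict(hits)


# Constructed sample trace: what a keylogger installer of this kind might
# produce, interleaved with two benign events that must NOT fire.
SAMPLE_EVENTS = [
    {"op": "reg_query", "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "file_write", "path": r"C:\Windows\System32\example\stub.exe"},
    {"op": "file_write", "path": r"C:\Windows\System32\example\hook.dll"},
    {"op": "process", "image": r"C:\Windows\System32\notepad.exe"},      # benign
    {"op": "process", "image": r"C:\Windows\System32\example\stub.exe"},
    {"op": "image_load", "image": r"C:\Windows\System32\kernel32.dll"},  # benign
    {"op": "image_load", "image": r"C:\Windows\System32\example\hook.dll"},
    {"op": "reg_set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "stub", "data": r"C:\Windows\System32\example\stub.exe"},
]


if __name__ == "__main__":
    for name, evidence in evaluate(SAMPLE_EVENTS).items():
        print(f"[+] {name}")
        for item in evidence:
            print(f"      {item}")
```

The "dropped" set is the important design point: a process start or DLL load is only interesting when the image was written earlier in the same trace, which is what separates a dropper from an application that merely loads system libraries. A real deployment would key the set on the monitored process tree rather than the whole host, and would normalise short (8.3) and long path forms before comparison.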

MITRE ATT&CK Enterprise v15

Tasks