General

  • Target

    09d4173963beb4d016c896359322a8cb_JaffaCakes118

  • Size

    504KB

  • Sample

    240624-vxajsatemh

  • MD5

    09d4173963beb4d016c896359322a8cb

  • SHA1

    4f8da4e646717693da6049b70a136ecc329730ea

  • SHA256

    3040bb05cb5fd67b6a7bc2e458ab02fcee9eeb7cdfcbced3275896e61808b401

  • SHA512

    1998f544d978d2dcb2f0966023f252a26dc38bd8ae31daf209c64cff67f27473afbd6f71bac41038d6b4a7af0b08d1a59c69138e645de18ec69751ea37fc20a8

  • SSDEEP

    12288:ebD68wl96bpAqQ2MWh2zzKs5Y2UkkMTEqZOIQV:1BqQ24zzY2U5qS

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
