General

  • Target

    0d0a67ccea7b5969c94d0315012d2f80_JaffaCakes118

  • Size

    991KB

  • Sample

    240625-g86vgaxhkq

  • MD5

    0d0a67ccea7b5969c94d0315012d2f80

  • SHA1

    2ead9badbc6e6c8954058bf8f88903588e926ec1

  • SHA256

    9858205318c5a4df73d18e6d814ce6712f154c3ebc3af4acf44a68879613a562

  • SHA512

    f10dbfffba2e3c57c45ca68883c1f4f9027c734dc047303eda1e74f56ec9267d6f5f12129f21e63cd224639f0b5181fe802c054bb72873f2116b42c8231f3244

  • SSDEEP

    24576:B64MVTqdySnIS1KwMlyqqf6CpqkvNq9JcS8cR0tgYy1K:B64MTqUS1KRyWErqnTR0tgd1

Malware Config

Targets

    • Target

      0d0a67ccea7b5969c94d0315012d2f80_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks