General

  • Target

    1fd8ad69e0cb3bc24cdc8d7be3225cce_JaffaCakes118

  • Size

    1.6MB

  • Sample

    240702-s1lp4stbrn

  • MD5

    1fd8ad69e0cb3bc24cdc8d7be3225cce

  • SHA1

    7638ee4bdec7a025089a2d5d84303c97cec36cf5

  • SHA256

    8d0950a059c12d751f4273dfd4dc70dea3c1e2ab0c61bf6703e366aa1b7d2541

  • SHA512

    e1e116f6116fd708c74a91b4e0b4e99c88066f93dc83c9a11a013b6c59f5bcb150337e7e5bdb1128cdf774966dcd9be3bd575a8803944a1015ccf2ba6ad4a42a

  • SSDEEP

    24576:qU/pTvAL44V6zejWRIkjITTOtkurzzbU/RLNQ6yRfVSfK3M+99WvdoD8yjH+aZH:DRTvUfkIkIOtkGIQ6fiX9c0r

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
