General

  • Target

    20b1266ec42cdff1978ea6ab215ea28f_JaffaCakes118

  • Size

    963KB

  • Sample

    240703-ccnxka1fng

  • MD5

    20b1266ec42cdff1978ea6ab215ea28f

  • SHA1

    28f8955cbd78404533d6d9ac5bbe29379b15780a

  • SHA256

    2d20ee9d7a95cc18a3f73c60fbdfac86ac06079e96a90282a8cd79b57a32e9a0

  • SHA512

    28e8df677e32ae7c74559b506b8a50dac4f33249e28adf906d5a6f4f6bcf80769578c1028587f37ea39d7dcd1a2b1fd470f42cef70f71f3120ba84b083661d2c

  • SSDEEP

    24576:C61riDJ3Xx8QtA1ibr2cHrOqZnHyfAfNhCQJkz3S7ihN:C0u3zzigSENkyr+hN
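To check a suspect file against the digests printed above, compute MD5, SHA-1, SHA-256 and SHA-512 in one pass and compare them case-insensitively; the following is an added example, not the sandbox's own code, and only the hash values in `REPORT_HASHES` come from this page. SSDEEP is left out because it is a fuzzy hash that needs the third-party `ssdeep` module, and the directory scanner simply skips files it cannot open.

```python
"""Match local files against the digests listed in this report.
Added example (not the sandbox's code); only the hash values are from the page."""
import hashlib
import io
import os

# Digests as printed in the report's General section.
REPORT_HASHES = {
    "md5": "20b1266ec42cdff1978ea6ab215ea28f",
    "sha1": "28f8955cbd78404533d6d9ac5bbe29379b15780a",
    "sha256": "2d20ee9d7a95cc18a3f73c60fbdfac86ac06079e96a90282a8cd79b57a32e9a0",
    "sha512": "28e8df677e32ae7c74559b506b8a50dac4f33249e28adf906d5a6f4f6bcf80769578c1028587f37ea39d7dcd1a2b1fd470f42cef70f71f3120ba84b083661d2c",
}
# SSDEEP is omitted on purpose: it is a fuzzy hash and needs the ssdeep module.


def digest_stream(stream, chunk_size=1 << 20):
    """Compute all four digests in a single pass over a binary stream."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for hasher in hashers.values():
            hasher.update(chunk)
    return {name: hasher.hexdigest() for name, hasher in hashers.items()}


def digest_bytes(data):
    """Convenience wrapper for in-memory data (used by the self-test below)."""
    return digest_stream(io.BytesIO(data))


def matches(digests, iocs=REPORT_HASHES):
    """Return the algorithms whose digest equals the indicator.
    Comparison is case-insensitive because reports print hashes in either case."""
    return sorted(name for name, value in digests.items()
                  if name in iocs and value.lower() == iocs[name].lower())


def scan_directory(root, iocs=REPORT_HASHES):
    """Walk `root` and yield (path, matched algorithms) for every file that
    matches at least one indicator. Unreadable files are skipped, not fatal."""
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            try:
                with open(path, "rb") as fh:
                    found = matches(digest_stream(fh), iocs)
            except OSError:
                continue
            if found:
                yield path, found


if __name__ == "__main__":
    import sys
    for path, found in scan_directory(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(path, ",".join(found))
```

Run it with a directory as its only argument; a hit on SHA-256 or SHA-512 alone is sufficient, while an MD5-only hit should be treated with care since MD5 collisions are practical.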

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofencing check that decides whether to run based on the victim's region.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
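The five behavioural signatures listed above (location check, installed-software enumeration, Run-key persistence, execution of a dropped EXE, loading of a dropped DLL) can be reproduced as rules over a process-monitor style event trace. The block below is an added example and not Hatching Triage's own signature code: the `pid|operation|target` line format, the constructed sample trace, the exact registry paths matched and the threshold of two Uninstall entries are assumptions made for illustration. The one point worth noting is ordering: a dropped-file rule only fires when the write precedes the execute or load, otherwise a pre-existing file would be reported as "dropped".

```python
"""Replay a sandbox-style event trace against the behavioural signatures
listed in this report. Added example, not Hatching/Triage code; the event
format, registry paths and thresholds are this example's assumptions."""
import re
from collections import defaultdict

# Constructed trace (not taken from the report): "pid|operation|target".
SAMPLE_EVENTS = r"""
1001|RegQueryValue|HKCU\Control Panel\International\Geo\Nation
1001|RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip
1001|RegEnumKey|HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Notepad++
1001|FileWrite|C:\Users\user\AppData\Local\Temp\upd\svc.exe
1001|FileWrite|C:\Users\user\AppData\Local\Temp\upd\svc.dll
1001|RegSetValue|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd
1001|ProcessCreate|C:\Users\user\AppData\Local\Temp\upd\svc.exe
1002|LoadImage|C:\Users\user\AppData\Local\Temp\upd\svc.dll
"""

# Registry locations (assumed for this example): GeoID of the configured
# region, the per-product Uninstall keys, and the Run/RunOnce autostart keys.
GEO_KEY = re.compile(r"\\International\\Geo(\\|$)", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)
RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?(\\|$)", re.I)


def parse_events(text):
    """Parse 'pid|operation|target' lines; blank lines are ignored."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        pid, op, target = line.split("|", 2)
        events.append((int(pid), op, target))
    return events


def evaluate(events, uninstall_threshold=2):
    """Return {signature name: sorted evidence} for every signature that fires."""
    hits = defaultdict(set)
    dropped = set()          # normalised paths written earlier in the trace
    uninstall_keys = set()   # distinct Uninstall subkeys touched
    for _pid, op, target in events:  # order matters: a drop must precede its use
        norm = target.lower()
        if op == "FileWrite":
            dropped.add(norm)
        elif op in ("RegOpenKey", "RegQueryValue") and GEO_KEY.search(target):
            hits["Checks computer location settings"].add(target)
        elif op in ("RegEnumKey", "RegQueryValue") and UNINSTALL_KEY.search(target):
            uninstall_keys.add(target)
        elif op == "RegSetValue" and RUN_KEY.search(target):
            hits["Adds Run key to start application"].add(target)
        elif op == "ProcessCreate" and norm in dropped and norm.endswith(".exe"):
            hits["Executes dropped EXE"].add(target)
        elif op == "LoadImage" and norm in dropped and norm.endswith(".dll"):
            hits["Loads dropped DLL"].add(target)
    # A single Uninstall lookup is common in benign installers; require several
    # distinct subkeys before calling it enumeration (threshold is an assumption).
    if len(uninstall_keys) >= uninstall_threshold:
        hits["Checks installed software on the system"] = uninstall_keys
    return {name: sorted(ev) for name, ev in hits.items()}


if __name__ == "__main__":
    for name, evidence in evaluate(parse_events(SAMPLE_EVENTS)).items():
        print(name)
        for item in evidence:
            print("   ", item)
```

The "Ardamax" and "Ardamax main executable" signatures are family identifications and are not modelled here; they come from static matches on the sample, which this trace-based logic cannot reproduce.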

MITRE ATT&CK Enterprise v15

Tasks