General

  • Target

    22c77ec19fdbc7049a312d8d29da7e88_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240703-sf97zavbpe

  • MD5

    22c77ec19fdbc7049a312d8d29da7e88

  • SHA1

    50f12f6451ce59e5449fdbce95e4363024a989e0

  • SHA256

    01a7d7e26e6948a5154cd181493c5e9b8f878e0b15104210975b4e4cd512bba6

  • SHA512

    1884f5a0d74ef461edd37163b33052db4e46a64d1c37a2eb8b162fee3c272f18fd288ba3f0f1e2e90f649ffd08c3b40a5ca85b2c48288cec391a6270eb5cfc9b

  • SSDEEP

    24576:XVaUT/+zfqacw+005WuFp0beGy/EC8h/acjXoX8VhVi6b4M2R98OqPPFGMTfcH2B:XVrTmzfqLZH5WwcjXoX8YjR6OeGMTQ2B

Targets

    • Target

      22c77ec19fdbc7049a312d8d29da7e88_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check that decides whether the sample runs in the victim's locale.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
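
The signatures above each correspond to one observable host action: a registry read of the locale, a file write under System32, the execution of a file the sample itself wrote, a DLL load from that same drop location, and a write to an autostart Run key. The following script is an added example, not code from the report or from any sandbox: it encodes those five signatures as rules and replays them over a constructed process trace (a simple pid|operation|path format defined here; the paths other than the sample name are illustrative, and the International key is an assumption about where a country-code lookup lands, since the report only says "configured in the registry").

```python
"""Triage rules for the behaviours the sandbox report lists for this sample.

Added example, not code from the report or from any sandbox. It replays a
constructed process trace and returns which report signatures would fire,
so each bullet in the report can be tied to a concrete piece of evidence.
"""
import re
from collections import defaultdict

# Documented autostart keys (HKCU or HKLM, Run or RunOnce).
RUN_KEY = re.compile(r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\", re.I)
# ASSUMPTION: the "computer location" lookup reads the user's locale values here;
# the report only says the country code is read from the registry.
LOCALE_KEY = re.compile(r"^HKCU\\Control Panel\\International\\", re.I)
SYSTEM32 = re.compile(r"^C:\\Windows\\System32\\", re.I)

# Constructed trace in a 'pid|operation|path' format defined for this example.
# Paths other than the sample name are illustrative, not observed values.
TRACE = r"""
# pid|operation|path
1000|process_create|C:\Users\victim\Downloads\22c77ec19fdbc7049a312d8d29da7e88_JaffaCakes118.exe
1000|reg_query|HKCU\Control Panel\International\sCountry
1000|file_write|C:\Users\victim\AppData\Local\Temp\stage.tmp
1000|file_write|C:\Windows\System32\dropped\agent.exe
1000|file_write|C:\Windows\System32\dropped\agent.dll
1000|process_create|C:\Windows\System32\dropped\agent.exe
1001|image_load|C:\Windows\System32\dropped\agent.dll
1001|reg_set|HKCU\Software\Microsoft\Windows\CurrentVersion\Run\agent
1001|reg_query|HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
"""


def parse_trace(text):
    """Parse 'pid|operation|path' lines into (pid, op, path) tuples.

    Blank lines and '#' comments are skipped; the path may itself contain '|'
    because only the first two separators are split on.
    """
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, op, path = line.split("|", 2)
        events.append((int(pid), op.strip(), path.strip()))
    return events


def evaluate(events):
    """Return {signature name: [evidence paths]} for the five report signatures.

    'dropped' tracks every file written by a traced process so that later
    executions and DLL loads can be tied back to the sample's own drops.
    """
    findings = defaultdict(list)
    dropped = set()  # lower-cased paths written during the trace
    for _pid, op, path in events:
        key = path.lower()
        if op == "file_write":
            dropped.add(key)
            if SYSTEM32.match(path):
                findings["Drops file in System32 directory"].append(path)
        elif op == "process_create" and key in dropped:
            findings["Executes dropped EXE"].append(path)
        elif op == "image_load" and key in dropped and key.endswith(".dll"):
            findings["Loads dropped DLL"].append(path)
        elif op == "reg_set" and RUN_KEY.search(path):
            findings["Adds Run key to start application"].append(path)
        elif op == "reg_query" and LOCALE_KEY.match(path):
            findings["Checks computer location settings"].append(path)
    return dict(findings)


def triage(text=TRACE):
    """Parse and evaluate a trace in one call."""
    return evaluate(parse_trace(text))


if __name__ == "__main__":
    for name, evidence in triage().items():
        print(f"[+] {name}")
        for item in evidence:
            print(f"      {item}")
```

Two of the rules are stateful on purpose: "Executes dropped EXE" and "Loads dropped DLL" only fire for paths the trace has already seen written, which is what distinguishes a dropper from a process that merely starts an existing binary. The Temp write and the Explorer registry read in the constructed trace are there to show that neither rule fires on ordinary activity.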
