General

  • Target

    3cbe1507a126734fe5f660d67e01b72c_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240712-kznjbawhkp

  • MD5

    3cbe1507a126734fe5f660d67e01b72c

  • SHA1

    f363d0a5e94f1f005f7618e496e640a7b89c28f7

  • SHA256

    2fc05bf631eb6f5672aaaa5ca9877baa0bffb21bdcd2ed33fa622c026978614f

  • SHA512

    8f5a5f1d7e5f2f39deb07515ca8c8f08692e600f6c35e42f3fade49768588e9f50befdbc48247d77bdb618bb010200850be4cffe7dccbb4efe888a62615f811f

  • SSDEEP

    24576:uVaUTDKGUL6CI0ogw4pi3H2UU7C6MrgP5tkl5uR8daD3IR/xAthsQr+hGmv:uVrTgmCI0onlHgC6MUP5E4RkK3Ikt6QC

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
