General

  • Target

    423585a651b291df62267af92adf57ee_JaffaCakes118

  • Size

    762KB

  • Sample

    240713-skftxswbln

  • MD5

    423585a651b291df62267af92adf57ee

  • SHA1

    25ae0147966ea19cedcb8772f82e20e8719da595

  • SHA256

    ad51563ae15c4963d9022913df7698c114edebd3bd4541df1b560a3e7e953d40

  • SHA512

    0412800a42f3a4ae3ced20ac86b97ad15823a5fed0216b53bc7f7d9fc71fd5e4f1d4b8b60d09240b08581385a8eae33cbd3568af10f2ccc4b015578f7204be87

  • SSDEEP

    12288:aGuXYPfSGSA6xeP4bcuwDzl32GP+2hi6VMR75JbvoT5ElO4wR7T83RrOPQ0UEGoN:Okfv6sfEGP+2hi6CRdJLE5WOJxToSQLA

Targets

    • Target

      423585a651b291df62267af92adf57ee_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15