General

  • Target

    48977331ef395658fde3ec1596e80fa3_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240715-g5rldavflh

  • MD5

    48977331ef395658fde3ec1596e80fa3

  • SHA1

    35e93ad49ad3341dcb4db31b214986dbc99d4820

  • SHA256

    4cf308143f01db4d5080cf334bc6423f2985ddabbcf335a570db5223c745061e

  • SHA512

    667c9180003c8bf71083fccee4d529511d2ec66e9167a228b81f187409446994c93bdfb3995eea9a217f5f2f762025bafe0750a0075bd60b54cc5b82fa09830c

  • SSDEEP

    24576:U64MVTOqYM+7AJLIJEk4h9moouq1UzKGli0fG0XfbWWZTkOcdzv8zsAWZ8o:U64MTOqY1AIEk8KGAoG0zVtGOsAk8

Targets

    • Target

      48977331ef395658fde3ec1596e80fa3_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15