General

  • Target

    4b74d21e0431fdafeb4bcad97fd89e31_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240715-z7xvaazdpk

  • MD5

    4b74d21e0431fdafeb4bcad97fd89e31

  • SHA1

    70e32efe4ca8aa95817b249ceff32faad4c12f0c

  • SHA256

    6bf3529a21cc6ca742cd048bb6846369edf360448fe93fa856f7d754413c76fc

  • SHA512

    7ea76f5b7e247337821a3183fe78bf05bd908bf2801efaaad6c5d72756ef2b2d0999318af38cb144d759610a791019f24641c5042637e0553a37743c702d8117

  • SSDEEP

    24576:a1YLTV7I4p2dWCYyRxRRtGLQRxnS0nu1NgMoFM+XR5NjthQe+iCdkg6:a1OTV9p2Q0Re0nu1NroFtXXthvCdk

Targets

    • Target

      4b74d21e0431fdafeb4bcad97fd89e31_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Reads the country code configured in the registry (the system locale / location settings), most likely as a geofence check before the payload runs.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
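
The signatures above describe a chain (drop into System32, set a Run key, execute the dropped EXE, load the dropped DLL, read the locale country code) that an analyst usually has to reconstruct from endpoint telemetry. The script below is an added example, not the sandbox's own signature logic and not code from the sample: it replays a handful of constructed Sysmon-style events (IDs 11 file create, 13 registry value set, 1 process create, 7 image load) and flags each behaviour by name. Sysmon has no registry-read event, so the geofence lookup is modelled as an assumed API-trace record on a hypothetical key path; every file name, SID and PID in the sample data is invented.

```python
"""Replay constructed Sysmon-style events and flag the behaviours this report lists."""
from collections import defaultdict

# Constructed telemetry for illustration. Paths and dropped-file names are
# invented; they are not from the sandbox run described above.
SAMPLE = r"C:\Users\victim\Desktop\4b74d21e0431fdafeb4bcad97fd89e31_JaffaCakes118.exe"
EVENTS = [
    # Sysmon ID 11: file create (sample writes a payload and a DLL into System32)
    {"id": 11, "image": SAMPLE, "target": r"C:\Windows\System32\drop\kl.exe"},
    {"id": 11, "image": SAMPLE, "target": r"C:\Windows\System32\drop\kl.dll"},
    # Sysmon ID 13: registry value set (Run-key persistence)
    {"id": 13, "image": SAMPLE,
     "target": r"HKU\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\kl",
     "details": r"C:\Windows\System32\drop\kl.exe"},
    # Sysmon ID 1: process create (the dropped EXE is launched)
    {"id": 1, "image": r"C:\Windows\System32\drop\kl.exe", "parent": SAMPLE},
    # Sysmon ID 7: image load (the dropped DLL is loaded by the dropped EXE)
    {"id": 7, "image": r"C:\Windows\System32\drop\kl.exe",
     "loaded": r"C:\Windows\System32\drop\kl.dll"},
    # Sysmon has no registry-read event; the geofence lookup is modelled as an
    # API-trace record with an assumed key path (hypothetical, not from the page)
    {"id": "api", "image": r"C:\Windows\System32\drop\kl.exe", "api": "RegQueryValueExW",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    # Benign noise that must not match any signature
    {"id": 11, "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\victim\Documents\notes.txt"},
]

# Matching is case-insensitive, so the constants are lower-case.
SYSTEM32 = "c:\\windows\\system32\\"
RUN_KEY = "\\software\\microsoft\\windows\\currentversion\\run\\"
# Assumed locale/country-code locations (hypothetical; the page names no key).
GEO_KEYS = ("control panel\\international", "control\\nls\\locale")


def triage(events):
    """Return {signature: [evidence, ...]} for the behaviours listed in the report.

    Dropped files are recorded as they are written so that later process-create
    and image-load events can be tied back to them; event order therefore
    matters, exactly as it does in a real timeline.
    """
    hits = defaultdict(list)
    dropped = set()
    for ev in events:
        low = {k: (v.lower() if isinstance(v, str) else v) for k, v in ev.items()}
        if ev["id"] == 11:
            dropped.add(low["target"])
            if low["target"].startswith(SYSTEM32):
                hits["Drops file in System32 directory"].append(ev["target"])
        elif ev["id"] == 13 and RUN_KEY in low["target"]:
            hits["Adds Run key to start application"].append(
                f'{ev["target"]} = {ev["details"]}')
        elif ev["id"] == 1 and low["image"] in dropped:
            hits["Executes dropped EXE"].append(ev["image"])
        elif ev["id"] == 7 and low["loaded"] in dropped:
            hits["Loads dropped DLL"].append(ev["loaded"])
        elif (ev["id"] == "api" and low["api"].startswith("regqueryvalueex")
              and any(k in low["key"] for k in GEO_KEYS)):
            hits["Checks computer location settings"].append(ev["key"])
    return dict(hits)


if __name__ == "__main__":
    for sig, evidence in triage(EVENTS).items():
        print(f"[+] {sig}")
        for item in evidence:
            print(f"      {item}")
```

Run against the constructed events it reports all five behaviours and ignores the explorer.exe write. Feeding it real Sysmon exports only needs a small adapter that maps `TargetFilename`, `TargetObject`, `Image` and `ImageLoaded` onto the field names used here; the country-code check will still need an API-trace or ETW registry source, since Sysmon does not record reads.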

MITRE ATT&CK Enterprise v15