General

  • Target

    4dd63bb405a5e282dc0942018bf30a48_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240716-l4le7azdrf

  • MD5

    4dd63bb405a5e282dc0942018bf30a48

  • SHA1

    842c1d0184f3df388fa8f3bf22d5e1a4d83ab28c

  • SHA256

    98bf5793c46987e46bb2559ed565d0d96012f9cf16ae4961dc18d1fb65006a47

  • SHA512

    64367d21bf5095bf9dc27a31885c8b65be5dfd047b65f96f3c74172a3e7b6e4db3647af94ebfcb6f3a4931215cb9a62fbf8b6be679d8333bfd81c5a21dc3b6c5

  • SSDEEP

    24576:gHvZTmz2lf/T1XMT4vsItvbZFXwHHO4m2jcPupUw0sLuIfdd7paiHRIbl:oBTA2lho40IZXc3mTP6UwlLuIfd14ic

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks