General

  • Target

    4de8f2e88db40c9f0dbd5f0fe769ec26_JaffaCakes118

  • Size

    514KB

  • Sample

    240716-mhal8s1blc

  • MD5

    4de8f2e88db40c9f0dbd5f0fe769ec26

  • SHA1

    5eb4c3e15cdb20128f533979621d5a4da5683e3a

  • SHA256

    999e5c62a4dbcd1b8f0140f6d0e6eb0b74e5056db4eb45a04f02578f72bc3cfb

  • SHA512

    80f68f1540b29a95d95fa6937dd42a18077ee836b8142e1ae3298f97fa7749bfa4cec2cb1779d1b410f9692b5b9453b60df0f1ad48e08649f025e5c2f9f102ac

  • SSDEEP

    12288:DIlSlg3ZodLzNh2oPFbjTTTK54cCxKJIN4Dnc2knS7b50CEWTlP/:U3Q/GoPZfcmKJs4D1KS71iGlP/

Malware Config

Targets

    • Target

      4de8f2e88db40c9f0dbd5f0fe769ec26_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks