General

  • Target

    51124cc6f89e453d8e9098bdacd30d1f_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240717-cqp2savamf

  • MD5

    51124cc6f89e453d8e9098bdacd30d1f

  • SHA1

    dc18e08db080750af46b63edccef323fd5377b56

  • SHA256

    05498caf5ca962612cf02fe4e879c7f61ff0afae4918573b4856349fa1722fe7

  • SHA512

    22c9ac9d5cd02709d22938444d806db1a56f6e5cc3867179cdf89e7ddc8cc8ab85d58406a55bde7f19cdd7a8ac5da7db6937e5f8743dc20edad3ec7d9e689a2a

  • SSDEEP

    49152:FGrT0r3GEvM8PGpwCfY6MkEbukrMiQ1NwNT4MG:FXr3G8xmwCmd/KNwNEB

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks