General

  • Target

    51aa24924ed06d145fbbf8e2f2bfef0e_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240717-gbygtszhqg

  • MD5

    51aa24924ed06d145fbbf8e2f2bfef0e

  • SHA1

    f3d7360c35d07e40789b26a999285e88f8df6e6a

  • SHA256

    3332944b389e92373d3963c4ac821028eb1185b9060b1830ad0f069c9a5fc796

  • SHA512

    559e27c268bdaa9a1f906fdbd3689c1e03b618a4404584f46067b586aa9df3332a0a3c1336c6f19ebabceebf47212510babdbcd2ba754c5afa9c788c56e76940

  • SSDEEP

    24576:+HvZTIvJ/AAfQJ2ET2txoFXuJQywN/UdYRTjX/MVXlgP7Rk2/HiN+CIV5O:uBTWfXVjAXFtRP/MVXlJ4V

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15