General

  • Target

    55b237fd1040c7dbb1b4ebccab44e4d8_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240718-caj6lataje

  • MD5

    55b237fd1040c7dbb1b4ebccab44e4d8

  • SHA1

    c8733ba8a7806aba1e58bb102a3af910ed3e3541

  • SHA256

    b97151131b32023291c0eaf3a4edad375cae14e066ddb6a43585c1a5f25fb9c4

  • SHA512

    86e12c936519211c145c6354792192b6ba8f5d978db964316b1e09e0b6331877c001c5a52b5787749948459524699b23ca9a454ee06a5c728f59105f776e44c6

  • SSDEEP

    24576:aHvZT9oJb1EQTBqHr4aix0YLpQWdq/eSEyefbodWPhlg4mt5R2OXWF7a2CyBuM4j:aBT9yCQTBqHCpSWScoMU5Xiad2tAxjJ

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks