General

  • Target

    585e30952a077d28eab07e46420f8630_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240718-vz3y4syenj

  • MD5

    585e30952a077d28eab07e46420f8630

  • SHA1

    b86edd7168c4a3641836578953529edb13f5aad9

  • SHA256

    6910cb559aa669991c8e0c930e0094e58e026578582dbefcb481713e218d4c00

  • SHA512

    2a134ebd27f28b6fee846d81d73505281a66f17f92880c63dc20c556438060bfffde92adb55861fe54081fb6d19895bb6046c4664654246e168cd0b5077ec72d

  • SSDEEP

    49152:sXTh1tjaOvhBdaCpcl5WmqQKkUVB9CTfNtoPsGAKAdQ0i:e1AULd16KfQKkUkYk/i

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks