General

  • Target

    58f6e63d45c3889a533313d08fcc89cc_JaffaCakes118

  • Size

    619KB

  • Sample

    240718-zcrd1sybme

  • MD5

    58f6e63d45c3889a533313d08fcc89cc

  • SHA1

    602dd4b4622b25de56c8ec984a48e7518171eaa9

  • SHA256

    97c3d0f47ff3d1b2dee9efe755f0617cb9c8a02a5332098610abf34e1c6488ce

  • SHA512

    b3b313d39e95224938ff2d4456d6ac1370bb3a3087275f9235ef3a566334dad5abb8241845e05e533153ee225217602a814e49eee033d7b09b38011a5a955b1e

  • SSDEEP

    12288:IqSpuGzOuogMZShwhqO34ij31pzmaLw7oWsCDZv:ouGzOTUy3Rjlg9T3Zv
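The hashes above are the report's identity for the sample. Before relying on the behaviour listed further down, an analyst should confirm that the file in hand really is this sample, and all four digests should agree (MD5 and SHA1 collisions are practical, so a single MD5 match is weak evidence). The following is an added example, not part of the sandbox report: it streams a file once through all four hashers, compares the result with the report's values, and splits the report's ssdeep signature into its block size and two chunk hashes. The hash strings are copied from the report; the file path argument and the helper names are assumptions for the example.

```python
"""Added example (not part of the sandbox report): confirm that a file on disk is
the sample this report describes, and pull apart the report's ssdeep signature.
Hash values are copied from the report; everything else is illustrative."""
import hashlib
import sys

# Indicators copied from the report above.
REPORT_HASHES = {
    "md5": "58f6e63d45c3889a533313d08fcc89cc",
    "sha1": "602dd4b4622b25de56c8ec984a48e7518171eaa9",
    "sha256": "97c3d0f47ff3d1b2dee9efe755f0617cb9c8a02a5332098610abf34e1c6488ce",
    "sha512": ("b3b313d39e95224938ff2d4456d6ac1370bb3a3087275f9235ef3a566334dad5"
               "abb8241845e05e533153ee225217602a814e49eee033d7b09b38011a5a955b1e"),
}
REPORT_SSDEEP = "12288:IqSpuGzOuogMZShwhqO34ij31pzmaLw7oWsCDZv:ouGzOTUy3Rjlg9T3Zv"


def _digest_chunks(chunks):
    """Feed every chunk to all four hashers so the data is read only once."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compute_digests_from_bytes(data, chunk_size=1 << 16):
    """Digests of an in-memory buffer, processed in chunk_size pieces."""
    return _digest_chunks(data[i:i + chunk_size] for i in range(0, len(data), chunk_size))


def compute_digests(path, chunk_size=1 << 16):
    """Digests of a file, streamed so large samples do not need to fit in memory."""
    with open(path, "rb") as fh:
        return _digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def compare_to_report(digests, report=REPORT_HASHES):
    """Per-algorithm match; insist on all four agreeing before trusting the report."""
    return {name: digests.get(name, "").lower() == value.lower()
            for name, value in report.items()}


def parse_ssdeep(signature):
    """Split 'blocksize:hash1:hash2'. ssdeep block sizes are 3 * 2**n; reject anything else."""
    blocksize, hash1, hash2 = signature.split(":")
    bs = int(blocksize)
    n = bs // 3
    if bs % 3 != 0 or n == 0 or n & (n - 1):
        raise ValueError(f"unexpected ssdeep block size {bs}")
    return bs, hash1, hash2


if __name__ == "__main__":
    # Usage: python verify_sample.py <path-to-candidate-file>
    digests = compute_digests(sys.argv[1])
    for name, ok in compare_to_report(digests).items():
        print(f"{name:6} {'MATCH' if ok else 'differs'}  {digests[name]}")
    print("ssdeep block size:", parse_ssdeep(REPORT_SSDEEP)[0])
```

Fuzzy matching against the ssdeep value needs the ssdeep library or binary, which is not in the standard library, so the block only validates and splits the signature; the block size (12288 here) is what tells you which other signatures are even comparable.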

Targets

    • Target

      58f6e63d45c3889a533313d08fcc89cc_JaffaCakes118

    • Size

      619KB

    • MD5

      58f6e63d45c3889a533313d08fcc89cc

    • SHA1

      602dd4b4622b25de56c8ec984a48e7518171eaa9

    • SHA256

      97c3d0f47ff3d1b2dee9efe755f0617cb9c8a02a5332098610abf34e1c6488ce

    • SHA512

      b3b313d39e95224938ff2d4456d6ac1370bb3a3087275f9235ef3a566334dad5abb8241845e05e533153ee225217602a814e49eee033d7b09b38011a5a955b1e

    • SSDEEP

      12288:IqSpuGzOuogMZShwhqO34ij31pzmaLw7oWsCDZv:ouGzOTUy3Rjlg9T3Zv

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence to decide whether to run on this host.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a value under a Software\Microsoft\Windows\CurrentVersion\Run key so the dropped program is started again at user logon (persistence).

    • Checks installed software on the system

      Enumerates entries under the registry Uninstall key to list the software installed on the system.
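Three of the behaviours above (a Run key added for persistence, a dropped EXE executed, a dropped DLL loaded) leave the same trace on a host: an autostart value whose image lives somewhere an unprivileged user can write. The following is an added example, not part of the sandbox report and not Ardamax-specific: it takes (name, command) pairs as read from HKCU\Software\Microsoft\Windows\CurrentVersion\Run, resolves the binary each command actually loads (quoted paths, unquoted paths containing spaces, and DLLs hosted by rundll32), and flags images under user-writable directories. The Run entries and the environment mapping are constructed for the example; on a live host they would come from the registry and os.environ.

```python
"""Added example, not part of the sandbox report: triage Run-key autostart entries
for images that start from user-writable locations, as a dropped EXE or DLL would.
Entries and environment values below are constructed for illustration."""
import re

# Constructed environment (on a real host use os.environ).
EXAMPLE_ENV = {
    "USERPROFILE": r"C:\Users\alice",
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
    "PROGRAMDATA": r"C:\ProgramData",
    "PUBLIC": r"C:\Users\Public",
}

# Constructed Run-key values; the suspicious ones are invented, not indicators from the report.
EXAMPLE_RUN_ENTRIES = [
    ("SecurityHealth", r"C:\Windows\System32\SecurityHealthSystray.exe"),
    ("VendorTool", r"C:\Program Files\Vendor Tool\tool.exe -s"),
    ("Updater", r'"%TEMP%\updater\updater.exe" /q'),
    ("Helper", r"rundll32.exe C:\Users\alice\AppData\Local\Temp\helper.dll,Start"),
]

# Roots an unprivileged user can write to; anything under them deserves a look.
USER_WRITABLE_VARS = ("USERPROFILE", "APPDATA", "LOCALAPPDATA", "TEMP", "PROGRAMDATA", "PUBLIC")


def expand_env(text, env):
    """Expand %VAR% references from the mapping; unknown variables are left untouched."""
    return re.sub(r"%(\w+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), text)


def extract_image(command):
    """Return the file a Run value actually loads.

    Quoted path: the quoted span. Unquoted path with spaces: join tokens up to
    the first one ending in .exe/.dll. rundll32 host: report the DLL argument,
    since that is the dropped file, not rundll32 itself.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        image = command[1:end] if end > 0 else command[1:]
        rest = command[end + 1:] if end > 0 else ""
    else:
        tokens = command.split()
        image, rest = tokens[0], " ".join(tokens[1:])
        for i, tok in enumerate(tokens):
            if tok.lower().endswith((".exe", ".dll")):
                image, rest = " ".join(tokens[: i + 1]), " ".join(tokens[i + 1:])
                break
    if image.lower().rsplit("\\", 1)[-1] == "rundll32.exe" and rest:
        # rundll32 syntax is "<dll>,<entrypoint> [args]"; keep only the DLL path.
        return rest.split(",", 1)[0].strip().strip('"')
    return image


def is_user_writable(path, env):
    """True if the path lies under a directory an unprivileged user can write to."""
    norm = expand_env(path, env).lower().replace("/", "\\")
    for var in USER_WRITABLE_VARS:
        root = env.get(var)
        if root and norm.startswith(root.lower().rstrip("\\") + "\\"):
            return True
    return False


def triage_run_entries(entries, env):
    """Return [(value name, resolved image, reason)] for entries worth reviewing."""
    findings = []
    for name, command in entries:
        image = expand_env(extract_image(command), env)
        if is_user_writable(image, env):
            kind = "DLL" if image.lower().endswith(".dll") else "executable"
            findings.append((name, image, f"{kind} starts from a user-writable location"))
    return findings


if __name__ == "__main__":
    for name, image, reason in triage_run_entries(EXAMPLE_RUN_ENTRIES, EXAMPLE_ENV):
        print(f"{name}: {image} ({reason})")
```

A hit means "review", not "malicious": legitimate per-user software also autostarts from AppData, so pair this with the hash check and with what the flagged file actually does. Unquoted paths containing spaces are inherently ambiguous (Windows itself tries progressively longer prefixes), which is why the resolver stops at the first token that looks like a binary.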

MITRE ATT&CK Enterprise v15