General

  • Target

    590b3b8dba5a76d4eea77dfaba32e6f5_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240718-zs65eayhne

  • MD5

    590b3b8dba5a76d4eea77dfaba32e6f5

  • SHA1

    d94659eda13d457de156ad28918e1f880572b0db

  • SHA256

    ccfec75020f7ac4fdf0e0d78242d6276f3942762dc1cc00e1f01d47af8029903

  • SHA512

    4101f058050b5429ddc1cd2633d8f745b8168622c0ac2fe88a5420e8d53028df8863c4e8861a802819836144ff88bff52a5129443fb60d1c0a8a858020b5e2ef

  • SSDEEP

    24576:DU4oTmLiJmfbuNYSEIcHhh/zvDsDS1MFMo+DbXw34ukOt0tX1HGMPDM:DULTmewfyxEIcHD642Mo+/Xw8Xg

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks