General

  • Target

    62d2b3a22d70b893887d14f749e1e634_JaffaCakes118

  • Size

    2.0MB

  • Sample

    240722-l984fasalg

  • MD5

    62d2b3a22d70b893887d14f749e1e634

  • SHA1

    f3ca5de3851570f813e9bf62be3aecf469120207

  • SHA256

    12893481b04564624964972d930b86d0a12f667de6b271e85c92c483d9b228ab

  • SHA512

    13f0de6e8b48bd333f709bd3feebe5c6c048c41fdb96618d3023eb40877b3cb7ea2ba1e54c3cf57e3d3b0fcafef064cd8ac73314ec15944892a2522db4e60590

  • SSDEEP

    49152:KoTRR0cjN1GVjNGZNRyAIK3/HNzFXL39oaDcM:lR0MNofWNRNHoa

Malware Config

Targets

    • Target

      62d2b3a22d70b893887d14f749e1e634_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
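
The signatures above name behaviours, not the logic that detects them. As an added example (not part of the sandbox report and not code from the Ardamax sample), the Python below runs one check per signature over a constructed per-process API trace in the style a sandbox emits, and correlates writes under System32 with later CreateProcess/LoadLibrary calls so that "Executes dropped EXE" and "Loads dropped DLL" only fire for files the sample itself wrote. The Run and Uninstall registry paths are the standard ones; the Geo\Nation value used for the location check, the log line format, the process IDs and every file name in the trace are assumptions made for the example.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str      # behaviour name, using the report's signature wording
    line_no: int   # 1-based index of the trace line that triggered it
    detail: str


# Run/RunOnce and Uninstall are the standard locations. Geo\Nation is an
# assumption for how the "location settings" lookup is implemented.
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo$", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
SYSTEM32_PATH = re.compile(r"^[a-z]:\\windows\\system32\\.+", re.I)
WRITE_ACCESS = {"GENERIC_WRITE", "FILE_WRITE_DATA"}


def parse_line(line):
    """Parse a 'k=v k=v ...' trace line; values containing spaces are quoted."""
    fields = {}
    for m in re.finditer(r'(\w+)=("([^"]*)"|\S+)', line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(2)
    return fields


def analyze(lines):
    """Return one Finding per (rule, detail) pair, in trace order."""
    findings, seen = [], set()
    dropped = set()  # lower-cased paths the sample opened for writing under System32

    def add(rule, n, detail):
        if (rule, detail) not in seen:
            seen.add((rule, detail))
            findings.append(Finding(rule, n, detail))

    for n, line in enumerate(lines, 1):
        ev = parse_line(line)
        api = ev.get("api", "")
        key = ev.get("key", "")
        path = ev.get("path", "").lower()
        if api.startswith("RegSetValueEx") and RUN_KEY.search(key):
            add("Adds Run key to start application", n,
                f"{key}\\{ev.get('name')} = {ev.get('data')}")
        elif (api.startswith("RegQueryValueEx") and GEO_KEY.search(key)
              and ev.get("name", "").lower() == "nation"):
            add("Checks computer location settings", n, f"read {key}\\Nation")
        elif api.startswith("RegEnumKeyEx") and UNINSTALL_KEY.search(key):
            add("Checks installed software on the system", n, f"enumerated {key}")
        elif (api.startswith("CreateFile") and SYSTEM32_PATH.match(path)
              and ev.get("access") in WRITE_ACCESS):
            dropped.add(path)
            add("Drops file in System32 directory", n, path)
        elif api.startswith("CreateProcess") and path in dropped:
            add("Executes dropped EXE", n, path)
        elif api.startswith("LoadLibrary") and path in dropped:
            add("Loads dropped DLL", n, path)
    return findings


def summarize(findings):
    """Count findings per rule, in the order the rules first fired."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed trace (not from the sandbox); paths and pids are placeholders.
SAMPLE_TRACE = [
    'pid=1204 api=RegQueryValueExW key="HKCU\\Control Panel\\International\\Geo" name=Nation',
    'pid=1204 api=RegOpenKeyExW key="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"',
    'pid=1204 api=RegEnumKeyExW key="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" index=0',
    'pid=1204 api=RegEnumKeyExW key="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall" index=1',
    'pid=1204 api=CreateFileW path="C:\\Windows\\System32\\kl\\KLG.exe" access=GENERIC_WRITE',
    'pid=1204 api=CreateFileW path="C:\\Windows\\System32\\kl\\KLG.dll" access=GENERIC_WRITE',
    'pid=1204 api=CreateFileW path="C:\\Windows\\System32\\kl\\KLG.cfg" access=GENERIC_WRITE',
    'pid=1204 api=RegSetValueExW key="HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" name=KLG data="C:\\Windows\\System32\\kl\\KLG.exe"',
    'pid=1204 api=CreateProcessW path="C:\\Windows\\System32\\kl\\KLG.exe"',
    'pid=1388 api=LoadLibraryW path="C:\\Windows\\System32\\kl\\KLG.dll"',
    'pid=1388 api=CreateFileW path="C:\\Windows\\System32\\notepad.exe" access=GENERIC_READ',
]

if __name__ == "__main__":
    for f in analyze(SAMPLE_TRACE):
        print(f"line {f.line_no:2d}  {f.rule}: {f.detail}")
```

Two of these checks (the Geo\Nation read and the Uninstall enumeration) depend on registry reads, which Sysmon registry events (IDs 12 to 14) do not record; they need an API-level trace such as a sandbox or user-mode hook produces. The Run key write and the System32 drop do map to Sysmon Event 13 and Event 11 respectively, and the dropped-file correlation carries over unchanged.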

MITRE ATT&CK Enterprise v15

Tasks