Overview

overview

10

Static

static

3

6b84c6ae87...18.exe

windows7-x64

10

6b84c6ae87...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    6b84c6ae8724d9ab87154aa07293da4e_JaffaCakes118

  • Size

    514KB

  • Sample

    240724-plergawalq

  • MD5

    6b84c6ae8724d9ab87154aa07293da4e

  • SHA1

    d96066b599457cb26d13871df8048e39351b787e

  • SHA256

    45741908aba41ce4ff4b0140a1eda218ad305eeba332eff777ea2c3da5c2e593

  • SHA512

    aa53a237714f67b12e7e83d1bee4c4b0a4a624c445558182ec601ec705a65da4fa1c227d6dd0e78f8db74f75caa045163c39f2985b4619a7efcff94d52d822eb

  • SSDEEP

    12288:iIyZQI56Uys3G/1p9WTfXeMo5LBPxZGhWOZdZ8mUgNX:EZ9ys3C1UXPYBpZEWAGmvd

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      6b84c6ae8724d9ab87154aa07293da4e_JaffaCakes118

    • Size

      514KB

    • MD5

      6b84c6ae8724d9ab87154aa07293da4e

    • SHA1

      d96066b599457cb26d13871df8048e39351b787e

    • SHA256

      45741908aba41ce4ff4b0140a1eda218ad305eeba332eff777ea2c3da5c2e593

    • SHA512

      aa53a237714f67b12e7e83d1bee4c4b0a4a624c445558182ec601ec705a65da4fa1c227d6dd0e78f8db74f75caa045163c39f2985b4619a7efcff94d52d822eb

    • SSDEEP

      12288:iIyZQI56Uys3G/1p9WTfXeMo5LBPxZGhWOZdZ8mUgNX:EZ9ys3C1UXPYBpZEWAGmvd

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks