General

  • Target

    7e3f5dc077b3c5b7a325f69b28ddd6fa_JaffaCakes118

  • Size

    2.6MB

  • Sample

    240731-2swpsaxeml

  • MD5

    7e3f5dc077b3c5b7a325f69b28ddd6fa

  • SHA1

    ebbdb581472554bb132fe9922d6bec9c346c9e4e

  • SHA256

    653a2c5e7b6269ce2988ffd4c0a10513db882716838916ed412aac7c828e3442

  • SHA512

    08d5f21b88c4b4185424f0c07a5e1be22c3d46c21f41f06ba25011ea0cf8988aefe5762ab086022712f7a8a668ad03cbbb474ba9c7dae4b7959a72ce897394e8

  • SSDEEP

    49152:XaPQbgW0hZA6ZiTZ4FE/ZHx1qZ4lC37ovKnMkIzTSnM3pJBo/s:zbniOt/MF4KKXSn

Malware Config

Targets

    • Target

      7e3f5dc077b3c5b7a325f69b28ddd6fa_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks