General

  • Target

    89aaadd1f943634a03dd4ac04af26320_JaffaCakes118

  • Size

    483KB

  • Sample

    240811-kaz6tawcrf

  • MD5

    89aaadd1f943634a03dd4ac04af26320

  • SHA1

    1c86107a77328367ddbd63aad4bfc92645fecc7c

  • SHA256

    6433df08bf98890183ffe70269bbc1a7f0628503ee31d9ea328ebb33b3236901

  • SHA512

    5f8d6d652afdaa3889b7bab2f479d9904943a9ee22e3d21e495a8837c766d24e390552df30c919a9902085dad1ad6204d9490d12a8ffe57183ec32410a020c03

  • SSDEEP

    12288:N2/R2csLjfPOgHVnplZN5a6txLtghf0PuC2nfpik43oUUe:esnHVnplZHauxxglC2nfp94YUUe

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks