General

  • Target

    89f4ea2a522e17ce770502cee34335ff_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240811-l4wk6avdrm

  • MD5

    89f4ea2a522e17ce770502cee34335ff

  • SHA1

    ce8a82fa9f086aeb132a2385f4ea39a4d5d22a54

  • SHA256

    1b1110987bc3da3fe2ffbcff16c10938f4f81d755f18100f8ab81b9532a912e5

  • SHA512

    ba8bd66f4d5a106374acd52fa541fc7254d570f4d31f18e4101d5d4008086211457537ad1a7ff085bee10db6c651f180e13bd9acd1cd06c1a74e8f2506448649

  • SSDEEP

    24576:Wk/ATW4r4Yz3dNrY5jjfpIHJCIiag40t2Dlx8d6FPB/L:HoTWFGDUFBoEKgKc0B

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks