General

  • Target

    92a7db0ef60666dc0feed76e58655175_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240813-mcb8wasfpr

  • MD5

    92a7db0ef60666dc0feed76e58655175

  • SHA1

    d22b8f8db956324d178712f533dfe3001ca1faae

  • SHA256

    4432f01f7ca9a77e76353b0121e346058186b787217c8cd7960c67232f9cdca8

  • SHA512

    56b07cb93a4079d42a1a89e91111fd77fdfa4d95ad2ff4eab10251bf99d20730ad66f4db783f57589abb3fbae289447283777c23388b98eb3a44f761b59daf94

  • SSDEEP

    24576:DvybJvA4bLjVxlFhrS8bul0cTEbR7T/i1qE/VWFri:cvAmxlF2pTEbR7Li4aAi

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.