ardamax | 2d44177550adda3ae9d69e7f5bb51557a7d5b1c23902d84e5a2ce9c1fe079d15 | Triage

Sharing

General

Target

93285f6ebc9657feb0724435db46e246_JaffaCakes118
Size

476KB
Sample

240813-p5p2jsvaqh
MD5

93285f6ebc9657feb0724435db46e246
SHA1

f7762091e7cc91e6007f273284a59f74c36ff104
SHA256

2d44177550adda3ae9d69e7f5bb51557a7d5b1c23902d84e5a2ce9c1fe079d15
SHA512

0992893a78a4a66eea62057207717f91154ea16ae140bc62878968703496106a953c55a35b6ece0d081d521ece62fa9607d56fcab28d33ffdea0e80f0aa76c8d
SSDEEP

6144:eJ7JaKJ5PbTlLb165VawLCThU/HjW0/0VZNJamxKAL:aH5LocwL5HjO1XL

Score

10^/10

ardamax discovery persistence

Malware Config

Targets

- Target
  
  93285f6ebc9657feb0724435db46e246_JaffaCakes118
- Size
  
  476KB
- MD5
  
  93285f6ebc9657feb0724435db46e246
- SHA1
  
  f7762091e7cc91e6007f273284a59f74c36ff104
- SHA256
  
  2d44177550adda3ae9d69e7f5bb51557a7d5b1c23902d84e5a2ce9c1fe079d15
- SHA512
  
  0992893a78a4a66eea62057207717f91154ea16ae140bc62878968703496106a953c55a35b6ece0d081d521ece62fa9607d56fcab28d33ffdea0e80f0aa76c8d
- SSDEEP
  
  6144:eJ7JaKJ5PbTlLb165VawLCThU/HjW0/0VZNJamxKAL:aH5LocwL5HjO1XL
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence