General

  • Target

    93cecad4868a8e1a69384cb1677e449d_JaffaCakes118

  • Size

    570KB

  • Sample

    240813-tmzv9ayann

  • MD5

    93cecad4868a8e1a69384cb1677e449d

  • SHA1

    a9dadfc18d799b99867ab29a4470422756b5634b

  • SHA256

    052e6cb84a743d4cd64f53c6b010ea271a6c289dfe39fa60451c4cb7e8282ecf

  • SHA512

    af6f3c621569e31d1e1ea5046b48111382c6a54224ac788b646294c855d0a1b0521e2f53c3c45739a54f68611ecda69f63b7b6f874a115b0199c81fcc90c8425

  • SSDEEP

    12288:RSYQqLWVmZ5Cs+A62ro62/ift8EOmiBmhD6StwUhdG1JIPpJyVNa3:sYJLQmZIs+WWKl9+8DeU26xJyfa3

Malware Config

Targets

    • Target

      93cecad4868a8e1a69384cb1677e449d_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check so the sample only runs (or refuses to run) in certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to build a list of the software installed on the system.

    • Drops file in System32 directory
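
The signatures above are the sandbox's interpretation of the sample's API calls. The following is an added example, not part of the report and not the sandbox's own signature code, that replays the same six behaviours over a constructed API-trace log so the logic behind each signature is explicit. Everything in it is an assumption for illustration: the trace records, the file names hook.dll and svc.exe, and the registry locations chosen for the country code (HKCU\Control Panel\International\Geo\Nation), the Run key and the Uninstall key. It also distinguishes "executes a dropped EXE" from executing a pre-existing binary, and "opens a file in System32" from dropping one, which the signature names alone do not make obvious.

```python
"""Replay the report's behaviour signatures over a sandbox-style API trace."""
import re
from typing import Dict, List, Set

# Registry and file-system patterns behind each signature. The key paths are
# assumptions about where Windows keeps each setting, not values from the report.
GEO_KEY = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)\\", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)

READ_APIS = {"RegQueryValueExW", "RegQueryValueExA", "RegEnumKeyExW", "RegOpenKeyExW"}
WRITE_APIS = {"RegSetValueExW", "RegSetValueExA"}
# Only these CreateFileW dispositions create or overwrite a file, i.e. "drop" it.
DROP_DISPOSITIONS = {"CREATE_NEW", "CREATE_ALWAYS"}


def classify(trace: List[Dict[str, str]]) -> Set[str]:
    """Return the set of signature names that the trace triggers.

    Each record has `api` (Win32 API name) and `path` (the file or registry
    path argument); CreateFileW records also carry `disposition`. Records are
    in call order so that a file must be dropped before it counts as a
    dropped EXE/DLL when it is later executed or loaded.
    """
    hits: Set[str] = set()
    dropped: Set[str] = set()  # lower-cased paths this process wrote

    for rec in trace:
        api, path = rec["api"], rec["path"]
        key = path.lower()

        if api in READ_APIS and GEO_KEY.search(path):
            hits.add("Checks computer location settings")
        if api in READ_APIS and UNINSTALL_KEY.search(path):
            hits.add("Checks installed software on the system")
        if api in WRITE_APIS and RUN_KEY.search(path):
            hits.add("Adds Run key to start application")

        if api == "CreateFileW" and rec.get("disposition") in DROP_DISPOSITIONS:
            dropped.add(key)
            if SYSTEM32.match(path):
                hits.add("Drops file in System32 directory")
        elif api in {"CreateProcessW", "CreateProcessA"} and key in dropped:
            hits.add("Executes dropped EXE")
        elif api in {"LoadLibraryW", "LoadLibraryExW"} and key in dropped:
            hits.add("Loads dropped DLL")
    return hits


# Constructed trace (not from the report) that exercises every signature above.
SAMPLE_TRACE = [
    {"api": "RegQueryValueExW", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"api": "RegEnumKeyExW", "path": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"api": "CreateFileW", "path": r"C:\Windows\System32\hook.dll", "disposition": "CREATE_ALWAYS"},
    {"api": "CreateFileW", "path": r"C:\Windows\System32\svc.exe", "disposition": "CREATE_ALWAYS"},
    # Opening an existing System32 file is not a drop.
    {"api": "CreateFileW", "path": r"C:\Windows\System32\drivers\etc\hosts", "disposition": "OPEN_EXISTING"},
    {"api": "RegSetValueExW", "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svc"},
    {"api": "CreateProcessW", "path": r"C:\Windows\System32\svc.exe"},
    {"api": "LoadLibraryW", "path": r"C:\Windows\System32\hook.dll"},
]

# Constructed benign trace: same API names, none of the behaviours.
BENIGN_TRACE = [
    {"api": "RegQueryValueExW", "path": r"HKCU\Software\Example\Setting"},
    {"api": "CreateFileW", "path": r"C:\Windows\System32\drivers\etc\hosts", "disposition": "OPEN_EXISTING"},
    {"api": "CreateProcessW", "path": r"C:\Windows\System32\cmd.exe"},  # not dropped by this process
    {"api": "LoadLibraryW", "path": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for name in sorted(classify(SAMPLE_TRACE)):
        print(name)
```

The ordering rule matters: a process that launches an existing system binary or loads a system DLL must not trigger the "dropped" signatures, so the script keys them on files it has already seen created in the same trace.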

MITRE ATT&CK Enterprise v15