General

  • Target

    97e07a84ef4f941db0919ab038e7ad6b_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240814-149v4sshkq

  • MD5

    97e07a84ef4f941db0919ab038e7ad6b

  • SHA1

    d4b719b1609367ffc25b408fda10a5b1e0e984ea

  • SHA256

    6f494e7b857e15508e8477ec3ff06df897d304bb4fd99d78a305133ecf021ac0

  • SHA512

    465ff0539681eba9e8815a6d58d69b761512a255b8459028228a2ffdbf83e54e98405a3fc40d5a2ed60016d8f4f06956c500734d91b89b85e9e2a654eb09638a

  • SSDEEP

    24576:WAlN2ZxtjisHCQZh8JC/FBvFdE5Z5XudBarbW6bOT3U19TMQQ:Ws8Zx9bHCQZx/bU5Z5+u0rU1FM

Malware Config

Targets

    • Target

      Foto002.exe

    • Size

      1.2MB

    • MD5

      6b225013a0daf6f5dbc3a71cd40d6a39

    • SHA1

      7883c741c0f4cf95e9226c13f0709c0fb7ad45fb

    • SHA256

      124ebc7aa97224fa3060bfeebeec5ff39499a2af97b27cb630ecf514f2554312

    • SHA512

      e8f7df27e65353e9505ef196dc65fac530c2550a94cab2cc7c62dcfacdbbfb7b9a4d743808bb3fcd0709e308b3aad154f2d6d97ac3431c7994f3b6422fb34e2d

    • SSDEEP

      24576:Z0NzTBazwlNuVJKuMOTHbWmUGNZXaqRMwVsjH342Pm2TLKnwaLOvYwueSOTW:Z0pTsOu2VOWmUwqqRMUAFPf4wy1

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks