General

  • Target

    97f427eba588cc8ddb5bb4060d4da670_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240814-2jyssayhmh

  • MD5

    97f427eba588cc8ddb5bb4060d4da670

  • SHA1

    e775ac83614dbd26f33265a9f2efc47a326072f4

  • SHA256

    972e7d3eca32a40fcc044f8d826d1e04bea3d60c903c6f1b3490361db513bc58

  • SHA512

    d47aabe258d394e118f505deda8b71524bd76a76e0a589916fe41ec316cf8b0134b6baeb7e8d08e6e38f6772d571964023934b86783610f69cec6421b470ab01

  • SSDEEP

    24576:LzDQmjrlwrHfz12dZYaVrbaGPL3e3Z+h9QxUCh1tMsTX+:3DtR6r12dnNbaILmEhGxHvq

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from certain locales.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system (a common check for analysis tools and security products).

    • Drops file in System32 directory
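The behaviours above (a Run key autostart entry, a dropped executable, files written under System32) can be hunted on a suspect host. The following PowerShell script is an added triage example, not part of the sandbox report or of Ardamax; it enumerates the common Run/RunOnce keys, resolves each value to an on-disk binary, records its Authenticode status, last-write time and whether it sits in System32, and compares its SHA-256 with the value the report lists. The key list, the 7-day "recently written" window and the output fields are my own assumptions.

```powershell
# Added host-triage example; not code from the sandbox report. Hunts for the
# report's listed behaviours: a Run-key autostart entry that launches a dropped
# binary (possibly under System32) and confirms any hit by SHA-256.
# Assumptions: the key list below, the 7-day "recent" window, the output shape.

$ReportSha256 = '972e7d3eca32a40fcc044f8d826d1e04bea3d60c903c6f1b3490361db513bc58'
$RecentDays   = 7   # assumed threshold for "recently written"

# Assumed set of autostart locations to inspect; extend as needed.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-CommandPath {
    # Extract the executable from a Run value, which may be quoted and carry
    # arguments, e.g.  "C:\Dir\app.exe" /silent   or   C:\Dir\app.exe -x
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    if ($cmd -match '^(.+?\.(exe|scr|com|bat|cmd))(\s|$)') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Get-AutostartFindings {
    $system32 = Join-Path $env:SystemRoot 'System32'
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -match '^PS') { continue }   # provider metadata, not a registry value
            $path = Get-CommandPath ([string]$p.Value)
            if ([string]::IsNullOrWhiteSpace($path)) { continue }
            $exists = Test-Path -LiteralPath $path -PathType Leaf
            $sig = $null; $hash = $null; $written = $null
            if ($exists) {
                $sig     = (Get-AuthenticodeSignature -LiteralPath $path).Status
                $hash    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                $written = (Get-Item -LiteralPath $path).LastWriteTime
            }
            [pscustomobject]@{
                Key             = $key
                ValueName       = $p.Name
                Path            = $path
                Exists          = $exists
                InSystem32      = $path.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase)
                Signature       = $sig
                RecentlyWritten = $exists -and ($written -gt (Get-Date).AddDays(-$RecentDays))
                MatchesReport   = ($hash -eq $ReportSha256)   # -eq is case-insensitive for strings
            }
        }
    }
}

# Show every autostart entry, then only the ones worth a closer look: an exact
# hash match with the report, or a binary that is unsigned, recently written,
# or living in System32.
$findings = Get-AutostartFindings
$findings | Format-Table -AutoSize
$findings | Where-Object {
    $_.MatchesReport -or ($_.Exists -and ($_.InSystem32 -or $_.RecentlyWritten -or $_.Signature -ne 'Valid'))
} | Format-List
```

A hash match is the only definitive indicator here; the other flags (unsigned, recently written, located in System32) are triage heuristics and will also match legitimate software, so treat them as leads to examine rather than verdicts. Run the script in the context of the user whose HKCU hive you want inspected, since HKCU entries differ per account.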

MITRE ATT&CK Enterprise v15
