Overview

overview

10

Static

static

3

953089eb6f...18.exe

windows7-x64

10

953089eb6f...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    953089eb6f85e3f98c06065db4af5fc0_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240814-jjhgpazgpg

  • MD5

    953089eb6f85e3f98c06065db4af5fc0

  • SHA1

    67f893db60359803256565a0765ee800aae21558

  • SHA256

    55557a8219b0aa453829338bc6e7ed0cea6e56d3605aa9e9b141d29145562e72

  • SHA512

    31850287c024b5ab17b4d4d5d9648dc253c490011d363b6b8f89d3e0e7c65f00afbf3fb19b6fe730569f83b8396ad83723659821219109858c5114bfeb7cc4c9

  • SSDEEP

    24576:Zp9GCCc4OcGszRM4Xuhkp0xMDe9bl4/jpJt/UIxo7+LxAdUcPOa:Tb0PlMVKGeQcJPC3dUO

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      953089eb6f85e3f98c06065db4af5fc0_JaffaCakes118

    • Size

      1.3MB

    • MD5

      953089eb6f85e3f98c06065db4af5fc0

    • SHA1

      67f893db60359803256565a0765ee800aae21558

    • SHA256

      55557a8219b0aa453829338bc6e7ed0cea6e56d3605aa9e9b141d29145562e72

    • SHA512

      31850287c024b5ab17b4d4d5d9648dc253c490011d363b6b8f89d3e0e7c65f00afbf3fb19b6fe730569f83b8396ad83723659821219109858c5114bfeb7cc4c9

    • SSDEEP

      24576:Zp9GCCc4OcGszRM4Xuhkp0xMDe9bl4/jpJt/UIxo7+LxAdUcPOa:Tb0PlMVKGeQcJPC3dUO

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax main executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks