General

  • Target

    9648e6119c10167d020fa0c61d4d5b1c_JaffaCakes118

  • Size

    1.6MB

  • Sample

    240814-qqahzsvbne

  • MD5

    9648e6119c10167d020fa0c61d4d5b1c

  • SHA1

    8fc21a2840f424cf7de82ce47f74fcaeafcf6907

  • SHA256

    2407c59604d05b49eefc5c0d3d3579f37e22d638e454682ede378e20d3d68662

  • SHA512

    85485ed267982df2fd45ba03e251807bb750676c67617ddd21980b1558f8fed234f35b5485c469cdd539a1e82eb8c3df867e110dbdc08264a72295591f8eafbd

  • SSDEEP

    24576:Qk/ATKEM6NkY05AtAYi2JsaQ2bBKCCgsQIL2z4DcEkFxX4j0:hoT9M6mY05AtAY7JsaNbBLzzXzFxIj

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence to restrict execution to certain regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks