General

  • Target

    9e2dad56b15a9b479282726deb9d35e2_JaffaCakes118

  • Size

    575KB

  • Sample

    240816-nmd1wswdrj

  • MD5

    9e2dad56b15a9b479282726deb9d35e2

  • SHA1

    7ebf1c7c28caf8b40d6342ef9dad1ee042763089

  • SHA256

    85335c9913584ffa043afffbf21a1bea3dfdfafb0898f6f3bb63b2b67212edb3

  • SHA512

    e8cf4174fdfaed0b56aa82fe23783b8db03ce025506bff1b1efcc122384bd15dcbbc338c6602ab1b38ef4afb14b8682b7dc59399394e9916b48a69373ae9b668

  • SSDEEP

    12288:IIkpPSSFoCRrpigV1DU4XV08eIA4dPUrCiIvt1DIekAYh57LVo:U6O/okX+5I8SDSnK

Targets

    • Target

      9e2dad56b15a9b479282726deb9d35e2_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
