General

  • Target: a82f26acca602314029a5a50f2150291_JaffaCakes118

  • Size: 1.2MB

  • Sample: 240818-zsb92axbpk

  • MD5: a82f26acca602314029a5a50f2150291

  • SHA1: d31361b4d4cd5ceea092634a3da7e36120969e30

  • SHA256: ba55d4ef3147fd08f4ee6b4c52e38d827f41e107105c616a56c7e49d4bb3b8e9

  • SHA512: fa3661e0312f07bb825efa47308ffcb934fc93a1f414d54e8643647cea9460e033238681591c5b465f9e3e3f98d919cce8877c2e4f67d93ed9aa6dfe973ae0b8

  • SSDEEP: 24576:qDrTuE0cL3CeDeQYb5OcKTJzr3wc1Kz2NIyT/OT/QSI7B6:qXTtrDJYQcKTJYKNIy4/FI7

Malware Config

Targets

    • Target: a82f26acca602314029a5a50f2150291_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks