General

  • Target

    ac1b625f196fa24509ba7164070587c2_JaffaCakes118

  • Size

    1.9MB

  • Sample

    240819-w61yrszape

  • MD5

    ac1b625f196fa24509ba7164070587c2

  • SHA1

    8c0b4cf386f54ee568977662a385ccc41305bd61

  • SHA256

    300deadece113db709f163bc23e03e28a066deac96198c58a8475c50a04c5385

  • SHA512

    735fc933031c8e61a0cd9eb6ebd01a20bcc3c38cf2a96e5e926ea2a52f731ab6becee6d118a90756109c0b28eb97ba5b2a416116dbc61accca4d120a99464850

  • SSDEEP

    49152:MoT/7TmemscP4Sj5CM9ik1Z997C5F61vAJPyHHRdrRRxaZr:pncPp8sB1/9GK1oKyZr

Malware Config

Targets

    • Target

      ac1b625f196fa24509ba7164070587c2_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks