General

  • Target

    ae308eafd9bae8c247fbf313c21f2f0f_JaffaCakes118

  • Size

    540KB

  • Sample

    240820-hcelsaxfre

  • MD5

    ae308eafd9bae8c247fbf313c21f2f0f

  • SHA1

    adbaae9e61c10d842903edb72f86ad3cc9408fca

  • SHA256

    e2b2e8759d68be86ba93d11ff4db3fbeed906ef813159821e2b2bbca7fb70686

  • SHA512

    dd6a6a686efee8033171194821187ab98252c024bf45ad30e399d1a027aaf6c17d665cf20f156bbf40f40182a73c63dc69710a2840b62b4d97ad660d8c56665b

  • SSDEEP

    12288:oVylYJPaU853TMvdxniuCvU9pZ19Yf2gPf/ksDuiOM8bjpW9M4:Gh8lTMvdxniNcTZzYfVf/Vg/pW9M4

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks