General

  • Target

    b3822580f3cef8dee3330739b9ca4168_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240821-p1dsqaygnd

  • MD5

    b3822580f3cef8dee3330739b9ca4168

  • SHA1

    9394f94e0caa660bdcda1888e19dcbef49750bad

  • SHA256

    f5a94826983f107bf39b011a48f126afe7df68fbe35c406888d7f8a86b7fa870

  • SHA512

    fee4f4a6b132746fc68657b58e68c446d0217c9b4f9817e6ccef25c1c220635dbede4eded7e8f7e4c93d122339ac04a090a56b11acf0d1fcaec605e3b1fe11e7

  • SSDEEP

    24576:5ZxTtg0cufSfOe9BdFM/nbIIwkBDaWSRJQYmQf+MMt:5XTtggL6jFMv8tPQY3Z

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (abort or change behaviour in certain countries).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
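
The behaviours listed above are sandbox signature names; the report does not say which registry paths or files they matched on. The following is an added example, not part of the report or of the sandbox's own rule set, that re-derives each of those signatures from a Procmon-style CSV export. The registry paths used (the Run key, the Uninstall key, and `HKCU\Control Panel\International\Geo\Nation` for the country code), the process and file names, and the events themselves are constructed for the example; the report names no dropped files.

```python
"""Re-derive the behavioural signatures from this report over a Procmon-style
CSV export. Added example with constructed input; the registry paths are
assumptions about what each signature checks, not taken from the report."""
import csv
import io
import re

# Constructed Procmon-style export. Columns follow Procmon's CSV layout;
# the process/file names and the trailing svchost.exe event are made up
# (the last line is there to show that unrelated registry reads do not fire).
SAMPLE_CSV = """\
Time of Day,Process Name,PID,Operation,Path,Result,Detail
10:01:00.0010000,sample.exe,4120,RegQueryValue,HKCU\\Control Panel\\International\\Geo\\Nation,SUCCESS,Type: REG_SZ
10:01:00.0020000,sample.exe,4120,RegEnumKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall,SUCCESS,Index: 0
10:01:00.0030000,sample.exe,4120,RegEnumKey,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall,SUCCESS,Index: 1
10:01:00.0040000,sample.exe,4120,CreateFile,C:\\Windows\\System32\\dropped.exe,SUCCESS,Desired Access: Generic Write
10:01:00.0050000,sample.exe,4120,CreateFile,C:\\Windows\\System32\\dropped.dll,SUCCESS,Desired Access: Generic Write
10:01:00.0060000,sample.exe,4120,RegSetValue,HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\dropped,SUCCESS,Type: REG_SZ
10:01:00.0070000,sample.exe,4120,Process Create,C:\\Windows\\System32\\dropped.exe,SUCCESS,PID: 5220
10:01:00.0080000,dropped.exe,5220,Load Image,C:\\Windows\\System32\\dropped.dll,SUCCESS,Image Base: 0x10000000
10:01:00.0090000,svchost.exe,900,RegQueryValue,HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\ProductName,SUCCESS,Type: REG_SZ
"""

# Assumed locations behind each signature (case-insensitive, backslash paths).
SYSTEM32 = re.compile(r"^c:\\windows\\system32\\", re.I)
RUN_KEY = re.compile(r"\\currentversion\\run(once)?\\[^\\]+$", re.I)
UNINSTALL_KEY = re.compile(r"\\currentversion\\uninstall(\\|$)", re.I)
GEO_NATION = re.compile(r"\\control panel\\international\\geo\\nation$", re.I)


def parse_procmon_csv(text):
    """Parse a Procmon CSV export into a list of dict rows keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def triage(events):
    """Map each signature name from the report to the events that triggered it.

    'Executes dropped EXE' and 'Loads dropped DLL' are stateful: a path only
    counts if an earlier CreateFile with write access created it in this trace.
    """
    hits = {}
    dropped = set()  # lower-cased paths written by any process so far

    def add(name, ev):
        hits.setdefault(name, []).append(ev)

    for ev in events:
        if ev["Result"] != "SUCCESS":
            continue  # failed operations never change system state
        op, path = ev["Operation"], ev["Path"]
        if op == "CreateFile" and "Generic Write" in ev["Detail"]:
            dropped.add(path.lower())
            if SYSTEM32.match(path):
                add("Drops file in System32 directory", ev)
        elif op == "RegSetValue" and RUN_KEY.search(path):
            add("Adds Run key to start application", ev)
        elif op == "RegEnumKey" and UNINSTALL_KEY.search(path):
            add("Checks installed software on the system", ev)
        elif op == "RegQueryValue" and GEO_NATION.search(path):
            add("Checks computer location settings", ev)
        elif op == "Process Create" and path.lower() in dropped:
            add("Executes dropped EXE", ev)
        elif op == "Load Image" and path.lower() in dropped:
            add("Loads dropped DLL", ev)
    return hits


if __name__ == "__main__":
    for name, evs in sorted(triage(parse_procmon_csv(SAMPLE_CSV)).items()):
        print(f"{name}: {len(evs)} event(s)")
        for ev in evs:
            print(f"    {ev['Process Name']} {ev['Operation']} {ev['Path']}")
```

Procmon is used rather than Sysmon because two of the signatures (the country-code lookup and the Uninstall enumeration) are registry reads, which Sysmon does not record; Sysmon only logs key creation, value writes and renames (event IDs 12 to 14), so a Sysmon-only pipeline would see the Run key and the dropped files but miss the two reconnaissance reads.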

MITRE ATT&CK Enterprise v15
