General

  • Target

    b5a6f286985780b9ef422d4c4556dba6_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240822-avlh2ssfqq

  • MD5

    b5a6f286985780b9ef422d4c4556dba6

  • SHA1

    8edda9bd8a02cf827bdf47144d19196ba73685be

  • SHA256

    8273060e7e3b402a7c965e987a19dc16315a0c3843c2f76eac430f0c66428c15

  • SHA512

    61fe839b1aa3dcf78e022ad1d41267a905158140fc979e464fe5d230fe828e775fdb780c975a434af71976434ea61c0f776c276de0020fe2c0075153865737ec

  • SSDEEP

    24576:gVPTf+Ku3vkT/TlSt35gqhIQDVkS0SDbrLEqv:xdI/TlSp+KaS09
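To confirm that a file you are holding is the sample this report describes, compare every listed digest, not just the MD5. The following is an added example, not part of the sandbox report: the hash values are copied from the fields above, while the function names, the streaming chunk size and the constructed input bytes are this example's own choices.

```python
"""Added example: verify a file on disk against the digests listed in the report.

The REPORT_IOCS values are copied verbatim from the report; everything else
(function names, chunk size, constructed sample bytes) is assumed for illustration.
"""
import hashlib
import os
import tempfile

# Digests listed in the report for b5a6f286985780b9ef422d4c4556dba6_JaffaCakes118
REPORT_IOCS = {
    "md5": "b5a6f286985780b9ef422d4c4556dba6",
    "sha1": "8edda9bd8a02cf827bdf47144d19196ba73685be",
    "sha256": "8273060e7e3b402a7c965e987a19dc16315a0c3843c2f76eac430f0c66428c15",
    "sha512": (
        "61fe839b1aa3dcf78e022ad1d41267a905158140fc979e464fe5d230fe828e77"
        "5fdb780c975a434af71976434ea61c0f776c276de0020fe2c0075153865737ec"
    ),
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def _new_hashers():
    return {name: hashlib.new(name) for name in ALGORITHMS}


def hash_bytes(data: bytes) -> dict:
    """Compute all four digests of an in-memory buffer in one pass."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Stream the file through all four hashers so large samples never sit in memory."""
    hashers = _new_hashers()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: dict, iocs: dict = REPORT_IOCS) -> dict:
    """Return a per-algorithm match map.

    A match on one algorithm with a mismatch on another means either the IOC
    was mistyped or the file was crafted to collide on the weaker hash, so
    callers should require every algorithm to agree before trusting the match.
    """
    return {name: digests[name].lower() == value.lower() for name, value in iocs.items()}


def is_reported_sample(path: str) -> bool:
    """True only if every digest listed in the report matches the file."""
    return all(match_iocs(hash_file(path)).values())


def demo() -> bool:
    """Write a constructed (non-malicious) file and check it against the report IOCs."""
    constructed = b"MZ" + b"\x00" * 62 + b"constructed placeholder, not the real sample\n"
    fd, path = tempfile.mkstemp(suffix=".bin")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(constructed)
        return is_reported_sample(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("constructed file matches report sample:", demo())
```

Run it against a suspected copy of the sample by calling `is_reported_sample(path)`; a partial match map from `match_iocs` is worth reporting on its own, since it tells you which listed hash disagrees with the file.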

Malware Config

Targets


    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence check that decides whether to run on this host.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks