General

  • Target

    ba7b875c01a780883a23c08bf6991679_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240823-fv1wmaxakd

  • MD5

    ba7b875c01a780883a23c08bf6991679

  • SHA1

    0085908cee094a04ace569f3c42c6d95bdd41384

  • SHA256

    5f18bb0f631ece3d136c9c88b3c61df50dc8b9dac39babd0c7ee178f4b591eae

  • SHA512

    02304c5720516bd45f741f119f818979762af497bb42ecf3828708cf521a34b7afdff5e07474f268085bf28a64caa38fd07a58e8e9bb80dc3b55509871321687

  • SSDEEP

    12288:8jBb4Kr7DwfmUMrdcoFC765e3xN6i0427YKwkP0GHd1xbLvWQfePi0cyIkI900j6:8x4q1UtxN6i04W9byi02cSO/tN

Malware Config

Targets

    • Target

      Jonita.dll

    • Size

      18KB

    • MD5

      4c48db0d05ea1ff2348bb96c65aabb35

    • SHA1

      03578d3bb9aa7d459fa9f9d466b085e6af3a46d2

    • SHA256

      a97ffd0927ba971b05a2b5c6e57423011016636e11823e599f8990ec0855b465

    • SHA512

      6e0eac873ba18575762bbb56617992dc7cdf1ea49a5f58b4f644f584c94f6a46a3d023cb658a44b956371e216cbd7f9f8dfd39254d6115d5e0067fab0233efc8

    • SSDEEP

      384:O8/Udm5Lsb/8jW9xrUHDFEXfxp/nR8aLOfEE:Oed08jWQEZ3E

    • Score

      3/10
    • Target

      VIP Forum.exe

    • Size

      1.1MB

    • MD5

      162c35f014cea15fc17213ec5d8a0b60

    • SHA1

      df9a5575d5859a9327afe825ea6872dd04647fdf

    • SHA256

      b8dfba0af9b771758e4327ccca83dc76e1708d7e7930437502eb4d813e619f12

    • SHA512

      0aa6a09655e5a7eec90bdba3cced5ec129baf58d1c0de8ce0e77fb3b3b2648ff55934739e24cd2dd6aa469e5f18177deddb0ddc6a1d4d14822431bb78c107b36

    • SSDEEP

      24576:KkQ0C7B36r7vtAfEPCp6iCXGJjYoFt7AsrFwlcVq2ULMH:K5BKdAcySXGzFNAMmcpULMH

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing (running only in, or avoiding, certain regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory
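
Three of the signatures above (location lookup, Uninstall-key enumeration, Run-key persistence) are registry-driven, which makes them easy to re-derive from a sandbox's registry event log. The script below is an added example, not the sandbox's own signature logic or data: the event records are constructed to illustrate the shape such a log takes, and the key paths assigned to each behaviour (Nls\Locale, International\Geo\Nation, CurrentVersion\Uninstall, CurrentVersion\Run) are assumptions about where those checks land, not the report's definitions. It distinguishes a write to a Run key from a mere read so that explorer.exe reading its own Run key is not flagged as persistence.

```python
import re
from collections import defaultdict

# Constructed registry event stream in the shape a sandbox would log (process,
# operation, key, optional value name). Not taken from the report above.
SAMPLE_EVENTS = [
    {"process": "VIP Forum.exe", "op": "query",
     "key": r"HKLM\SYSTEM\CurrentControlSet\Control\Nls\Locale"},
    {"process": "VIP Forum.exe", "op": "query",
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"process": "VIP Forum.exe", "op": "enum",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"process": "VIP Forum.exe", "op": "enum",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"process": "VIP Forum.exe", "op": "set",
     "key": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "value": "Jonita"},
    {"process": "explorer.exe", "op": "query",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"},
]

# Key paths assumed to underlie each behaviour. These are assumptions made for
# this example, not the sandbox's own signature definitions.
RULES = {
    "location_lookup": re.compile(
        r"\\Control\\Nls\\(Locale|Language)(\\|$)|\\International\\Geo\\Nation$", re.I),
    "uninstall_enum": re.compile(
        r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I),
    "run_key_persist": re.compile(
        r"\\Microsoft\\Windows\\CurrentVersion\\(Run|RunOnce)(\\|$)", re.I),
}

# Only a write to Run/RunOnce is persistence; a read (e.g. by explorer.exe) is not.
WRITE_OPS = {"set", "create"}

HIVES = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER", "HKU": "HKEY_USERS"}


def full_path(event):
    """Join key and value name with the hive abbreviation expanded, so a rule
    matches both the HKCU\\... and HKEY_CURRENT_USER\\... spellings."""
    key = event["key"].replace("/", "\\")
    hive, _, rest = key.partition("\\")
    key = HIVES.get(hive.upper(), hive) + "\\" + rest
    if event.get("value"):
        key += "\\" + event["value"]
    return key


def classify(event):
    """Return the set of behaviour tags a single registry event triggers."""
    path = full_path(event)
    tags = set()
    for tag, pattern in RULES.items():
        if not pattern.search(path):
            continue
        if tag == "run_key_persist" and event["op"] not in WRITE_OPS:
            continue  # reading a Run key is benign enumeration, not persistence
        tags.add(tag)
    return tags


def triage(events):
    """Aggregate per process: {process: {tag: [paths that triggered it]}}.
    Processes with no hits are omitted."""
    report = defaultdict(lambda: defaultdict(list))
    for ev in events:
        for tag in classify(ev):
            report[ev["process"]][tag].append(full_path(ev))
    return {proc: dict(tags) for proc, tags in report.items()}


if __name__ == "__main__":
    for proc, tags in triage(SAMPLE_EVENTS).items():
        print(proc)
        for tag, paths in tags.items():
            print(f"  {tag}: {len(paths)} hit(s)")
```

To apply this to a real run, replace SAMPLE_EVENTS with the registry events exported from the sandbox and adjust RULES to the key paths its signatures actually match; the aggregation then gives, per process, which of the listed behaviours the evidence supports and on which keys.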

MITRE ATT&CK Enterprise v15

Tasks