Overview

overview

10

Static

static

3

bacd3aab69...18.exe

windows7-x64

10

bacd3aab69...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bacd3aab6910a82ed5b64b210e92135c_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240823-h4clha1elg

  • MD5

    bacd3aab6910a82ed5b64b210e92135c

  • SHA1

    36d2f786c6f1699a8d309854fa2bb165cf93c4fc

  • SHA256

    1784f7a5e094146e84d53f20d6d504a4cf353e369fc895ed81bc9bbd9950d5a7

  • SHA512

    51e45d86cdb476ba192655627610bae691e3cc7a9a300492552ab14bb891a5273af904e4d75e47a675101790b370f52102a5371fc91d3ed94b8b57b93a265640

  • SSDEEP

    24576:eITTy6nYLlB8G4yQAIl/VNagjl7AUMDgaWqnllZdLJaMcF8MGV0:e6TyQsX4yQAItasEpDgaW4lZdlaGQ

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      bacd3aab6910a82ed5b64b210e92135c_JaffaCakes118

    • Size

      1.2MB

    • MD5

      bacd3aab6910a82ed5b64b210e92135c

    • SHA1

      36d2f786c6f1699a8d309854fa2bb165cf93c4fc

    • SHA256

      1784f7a5e094146e84d53f20d6d504a4cf353e369fc895ed81bc9bbd9950d5a7

    • SHA512

      51e45d86cdb476ba192655627610bae691e3cc7a9a300492552ab14bb891a5273af904e4d75e47a675101790b370f52102a5371fc91d3ed94b8b57b93a265640

    • SSDEEP

      24576:eITTy6nYLlB8G4yQAIl/VNagjl7AUMDgaWqnllZdLJaMcF8MGV0:e6TyQsX4yQAItasEpDgaW4lZdlaGQ

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks