General

  • Target

    c4ea84a727670027a63e63b5717730f4_JaffaCakes118

  • Size

    483KB

  • Sample

    240827-npbzbazfqr

  • MD5

    c4ea84a727670027a63e63b5717730f4

  • SHA1

    4b8a6b2b4742fa8e06460953fc43c92fcb845cbb

  • SHA256

    7b1158bb86b4a1c8cb60b000eef58b61b23069741df99a7a3d30e52e057ed115

  • SHA512

    860383dcca580b070adaf69e176caf4d38dcd47b13a1a34334e318932dbef109057cf8156e7339ba62329c15c6f7b8369d16fcdf6259786615ecbb7b891780ee

  • SSDEEP

    12288:AlG4YO93Cbw7MlYsywcANK8ZrUNic4ZfCsmDWUS9XcS:9HQCbwYlj7jRox4gZWUOT

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates installed software by reading the Uninstall key entries in the registry.

    • Drops file in System32 directory
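
The behaviours above leave two hooks for hunting on other hosts: the file itself (dropped into System32, hashes listed in this report) and the Run key it adds for persistence. The following Python is an added example, not part of the sandbox report or of any vendor tooling. It sweeps a directory for files whose MD5/SHA1/SHA256 match the report, reads the per-user and machine Run keys on Windows, and ties any matched file to a Run entry whose command references it. The Run key path `Software\Microsoft\Windows\CurrentVersion\Run` is the standard location and is an assumption here; the report does not say which Run key the sample wrote. The self-check plants constructed bytes in a temporary directory because the sample itself is not included.

```python
"""Hunt for the Ardamax sample from this report by hash and Run-key entry.
Added example; not code from the sandbox report."""
import hashlib
import os
import sys
import tempfile
from typing import Dict, Iterable, List

# Hashes copied from the report above (same 483KB file, three algorithms).
KNOWN_BAD = {
    "md5": "c4ea84a727670027a63e63b5717730f4",
    "sha1": "4b8a6b2b4742fa8e06460953fc43c92fcb845cbb",
    "sha256": "7b1158bb86b4a1c8cb60b000eef58b61b23069741df99a7a3d30e52e057ed115",
}

# Assumed standard autostart key (the report only says "Adds Run key").
RUN_SUBKEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5/SHA1/SHA256 hex digests of an in-memory buffer."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all three digests without loading it whole."""
    hashers = {"md5": hashlib.md5(), "sha1": hashlib.sha1(), "sha256": hashlib.sha256()}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_known_bad(digests: Dict[str, str], known: Dict[str, str] = KNOWN_BAD) -> List[str]:
    """Algorithms whose digest matches the IoC set; empty list means no match."""
    return [algo for algo, value in known.items() if digests.get(algo) == value]


def sweep(root: str, known: Dict[str, str] = KNOWN_BAD) -> List[str]:
    """Walk `root` (e.g. C:\\Windows\\System32) and return paths matching `known`."""
    hits: List[str] = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if matches_known_bad(hash_file(path), known):
                    hits.append(path)
            except OSError:  # locked or unreadable file: skip, keep sweeping
                continue
    return hits


def run_key_entries() -> Dict[str, str]:
    """Windows only: 'HIVE\\name' -> command for HKCU and HKLM Run keys."""
    if sys.platform != "win32":
        return {}
    import winreg  # only importable on Windows
    entries: Dict[str, str] = {}
    for hive, label in ((winreg.HKEY_CURRENT_USER, "HKCU"), (winreg.HKEY_LOCAL_MACHINE, "HKLM")):
        try:
            with winreg.OpenKey(hive, RUN_SUBKEY) as key:
                index = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, index)
                    except OSError:  # no more values
                        break
                    entries[f"{label}\\{name}"] = str(value)
                    index += 1
        except OSError:  # key absent or access denied
            continue
    return entries


def persistence_for(hits: Iterable[str], entries: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each Run entry to the matched files its command line mentions."""
    linked: Dict[str, List[str]] = {}
    for key, cmd in entries.items():
        lowered = cmd.lower()
        found = [p for p in hits if p.lower() in lowered]
        if found:
            linked[key] = found
    return linked


def demo_sweep() -> List[str]:
    """Self-check on constructed data: plant a stand-in file and hunt for it
    by its own hashes, since the real sample is not part of this page."""
    planted = b"constructed stand-in for the dropped executable\n" * 64
    with tempfile.TemporaryDirectory() as tmp:
        with open(os.path.join(tmp, "dropped.exe"), "wb") as fh:
            fh.write(planted)
        with open(os.path.join(tmp, "benign.dll"), "wb") as fh:
            fh.write(b"unrelated bytes")
        return [os.path.basename(p) for p in sweep(tmp, known=hash_bytes(planted))]


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else os.environ.get("SystemRoot", "") + r"\System32"
    found = sweep(root)
    print("hash matches:", found or "none")
    print("Run entries pointing at them:", persistence_for(found, run_key_entries()) or "none")
```

Run it as `python hunt.py C:\Windows\System32` on a suspect host. A clean run prints `none` twice; a hit with an empty Run-entry mapping means the file is present but persists some other way (or the sweep ran without rights to read HKLM). Fuzzy matching against the SSDEEP value in the report is deliberately left out; it needs the `ssdeep` library and a recompiled sample would defeat the exact hashes anyway, so treat exact-hash misses as "not this build" rather than "clean".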
