General

  • Target

    c7d4f38a28f215a6544e54419b41e8f1_JaffaCakes118

  • Size

    1.0MB

  • Sample

    240828-3b5rss1hpf

  • MD5

    c7d4f38a28f215a6544e54419b41e8f1

  • SHA1

    6b47f9c78adc02a659564d548f37639ed6339fc1

  • SHA256

    a24e14d1a308e03704665851d87985fc9bb28240087cc9f677811d04e1e65e9f

  • SHA512

    77a41dd04258e657cf1e54966c475c3e4a5291e85fb84f9017c88eed6ee704124349ae74552bed810079e6e091bfcf401063cb9032b20075f96496d65d938e7e

  • SSDEEP

    24576:l8ZGmRmbA5z2CiFPzJSGiVcDwdHFWqnLVjvXIB:GGmRms56BMGiVc8dHFzxX8
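Before relying on this report for a file you have in hand, confirm it is the same sample. The Python below is an added example, not part of the sandbox report: it streams a file once through the four digest algorithms listed above and reports which of the listed digests do not match. It uses only the standard library; the SSDEEP fuzzy hash needs the separate ssdeep/ppdeep package and is not computed here. The function and constant names are this example's own, and the file path is whatever you pass in.

```python
import hashlib
import io

CHUNK = 1 << 20  # stream 1 MiB at a time so a large sample never sits fully in memory

# Digests exactly as listed in the report above, keyed by hashlib algorithm name.
REPORT_HASHES = {
    "md5": "c7d4f38a28f215a6544e54419b41e8f1",
    "sha1": "6b47f9c78adc02a659564d548f37639ed6339fc1",
    "sha256": "a24e14d1a308e03704665851d87985fc9bb28240087cc9f677811d04e1e65e9f",
    "sha512": "77a41dd04258e657cf1e54966c475c3e4a5291e85fb84f9017c88eed6ee704124349ae74552bed810079e6e091bfcf401063cb9032b20075f96496d65d938e7e",
}

DEFAULT_ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_stream(fh, algorithms=DEFAULT_ALGORITHMS):
    """Read a binary stream once, feeding every chunk to all requested hashers.

    Returns {algorithm: lowercase hex digest}.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: fh.read(CHUNK), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data, algorithms=DEFAULT_ALGORITHMS):
    """Same as digest_stream, for data already in memory."""
    return digest_stream(io.BytesIO(data), algorithms)


def digest_file(path, algorithms=DEFAULT_ALGORITHMS):
    """Hash a file on disk in a single pass."""
    with open(path, "rb") as fh:
        return digest_stream(fh, algorithms)


def check_digests(actual, expected):
    """Compare computed digests with expected ones, case-insensitively.

    Returns {algorithm: (expected, actual)} for every digest that differs or
    was not computed; an empty dict means every listed digest matched.
    """
    actual = {k.lower(): v.lower() for k, v in actual.items()}
    mismatches = {}
    for name, exp in expected.items():
        name, exp = name.lower(), exp.lower()
        got = actual.get(name)
        if got != exp:
            mismatches[name] = (exp, got)
    return mismatches


def verify_file(path, expected=REPORT_HASHES):
    """Hash a file and report which of the report's digests it fails to match."""
    algorithms = tuple(name.lower() for name in expected)
    return check_digests(digest_file(path, algorithms), expected)


if __name__ == "__main__":
    import sys
    bad = verify_file(sys.argv[1])
    print("match: this is the report's sample" if not bad else f"MISMATCH: {bad}")
```

Any non-empty mismatch dict means the file on disk is not the sample this report describes (or was altered in transit), and none of the behaviours listed for it should be assumed to apply to your file.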

Targets

    • Ardamax

      A keylogger first seen in 2013. Ardamax is sold as a commercial monitoring product and is routinely repackaged by droppers, so its main executable is flagged as a separate indicator.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence so the payload can refuse to run in particular regions.

    • Executes dropped EXE

      Launches an executable that the sample itself wrote to disk during the run.

    • Loads dropped DLL

      Loads a library that the sample itself wrote to disk during the run.

    • Adds Run key to start application

      Writes a value under a CurrentVersion\Run key so the payload starts again at logon.

    • Checks installed software on the system

      Enumerates Uninstall key entries in the registry to list the software installed on the host.

    • Drops file in System32 directory

      Writes a file into the System32 directory, where it blends in with legitimate system binaries.
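
The behaviour signatures above are the kind an analyst re-derives from a sandbox API trace when triaging a new sample. The Python below is an added example, not the sandbox's own signature engine: it walks a simplified, constructed trace of file, process, library and registry operations and maps them onto the signature names used in this report. The trace records, paths and file names are invented for illustration, and the use of Control Panel\International keys for the location check is an assumption about what that signature inspects; the Ardamax family match itself is a static, pattern-based detection that this example does not model.

```python
import re

# Registry and file-system patterns behind each behaviour signature.
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?(?:\\|$)", re.I)
UNINSTALL_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(?:\\|$)", re.I)
# Assumption: the location check reads the user's GeoID/locale values under
# Control Panel\International (the report does not name the exact value).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International(?:\\Geo)?(?:\\|$)", re.I)
SYSTEM32_RE = re.compile(r"^[a-z]:\\Windows\\System32\\", re.I)

REGISTRY_READS = {"RegOpenKey", "RegQueryValue", "RegEnumKey", "RegEnumValue"}


def triage(trace):
    """Map an ordered API trace onto the report's behaviour signature names.

    Each record is {"op": <API name>, "path": <file or registry path>}.
    Order matters: "dropped" means written earlier in the same trace, so a
    process start or library load only counts when the path was created first.
    Returns the set of signature names that fired.
    """
    dropped = set()  # lower-cased paths this trace has written so far
    hits = set()
    for rec in trace:
        op, path = rec["op"], rec["path"]
        key = path.lower()
        if op == "CreateFile":
            dropped.add(key)
            if SYSTEM32_RE.match(path):
                hits.add("Drops file in System32 directory")
        elif op == "CreateProcess" and key in dropped:
            hits.add("Executes dropped EXE")
        elif op == "LoadLibrary" and key in dropped and key.endswith(".dll"):
            hits.add("Loads dropped DLL")
        elif op == "RegSetValue" and RUN_KEY_RE.search(path):
            hits.add("Adds Run key to start application")
        elif op in REGISTRY_READS:
            if GEO_KEY_RE.search(path):
                hits.add("Checks computer location settings")
            if UNINSTALL_KEY_RE.search(path):
                hits.add("Checks installed software on the system")
    return hits


# Constructed trace for illustration; the paths and file names are invented
# and are not taken from this report.
SAMPLE_TRACE = [
    {"op": "CreateFile",    "path": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
    {"op": "CreateProcess", "path": r"C:\Users\user\AppData\Local\Temp\stage2.exe"},
    {"op": "CreateFile",    "path": r"C:\Windows\System32\helper.dll"},
    {"op": "LoadLibrary",   "path": r"C:\Windows\System32\helper.dll"},
    {"op": "RegQueryValue", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"op": "RegEnumKey",    "path": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"op": "RegSetValue",   "path": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater"},
]

# A benign trace: starts a system binary and loads a DLL the sample never wrote.
BENIGN_TRACE = [
    {"op": "CreateProcess", "path": r"C:\Windows\System32\notepad.exe"},
    {"op": "LoadLibrary",   "path": r"C:\Windows\System32\kernel32.dll"},
]

if __name__ == "__main__":
    for name in sorted(triage(SAMPLE_TRACE)):
        print(name)
```

The "dropped" bookkeeping is the part worth copying: a process start or library load is only suspicious here because the same trace wrote that path moments earlier, which is exactly the distinction between "Executes dropped EXE" and an ordinary process launch.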
