General

  • Target

    cdc74f74299c01804caa19c8809d19b3_JaffaCakes118

  • Size

    537KB

  • Sample

    240831-2624qa1cjm

  • MD5

    cdc74f74299c01804caa19c8809d19b3

  • SHA1

    fc4ff4711b13b21f5bda6cc6886aade7d2d81e53

  • SHA256

    d34ab02889ee8c94ad6fb843234a378f712fd4cfbde9a29a8b2bd051e805fdd5

  • SHA512

    5e725c7ac69a2d470de219dba3e0ec93aaf4a2f92589a1546eccc571ca2a99b1175f8d64276185cf8ba66a956efb00eee47a404c4d1b3e86ba5526a573b0dc67

  • SSDEEP

    12288:2Iof/U58p1ArVxt9BZcEl3iMje9XgISs9CoSbs1zVCRR0R3:aTpkTvL1jepgQ9hWERG03

Malware Config

Targets

    • Target

      cdc74f74299c01804caa19c8809d19b3_JaffaCakes118

    • Size

      537KB

    • MD5

      cdc74f74299c01804caa19c8809d19b3

    • SHA1

      fc4ff4711b13b21f5bda6cc6886aade7d2d81e53

    • SHA256

      d34ab02889ee8c94ad6fb843234a378f712fd4cfbde9a29a8b2bd051e805fdd5

    • SHA512

      5e725c7ac69a2d470de219dba3e0ec93aaf4a2f92589a1546eccc571ca2a99b1175f8d64276185cf8ba66a956efb00eee47a404c4d1b3e86ba5526a573b0dc67

    • SSDEEP

      12288:2Iof/U58p1ArVxt9BZcEl3iMje9XgISs9CoSbs1zVCRR0R3:aTpkTvL1jepgQ9hWERG03

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks