General

  • Target

    cd0f7c846b3078e2c56ed748e92db9e2_JaffaCakes118

  • Size

    1.8MB

  • Sample

    240831-ssx36s1bjl

  • MD5

    cd0f7c846b3078e2c56ed748e92db9e2

  • SHA1

    5914542aebe1ece668bffd46a3c2737bb69d432a

  • SHA256

    558a4a83d857e4bfd4ff328022db546e4e95559641e3c2c2dbbad7cd1eedbd61

  • SHA512

    4b9b5965567987352e05e9d1d367e85ea81142f3f4f4175fdd620b74154fbf33a52ca1f2d0cf7239e055b765760ee2271c144fc92680c175a3927e75b208bf46

  • SSDEEP

    49152:2oTIfxPrqwzrEvk+jpq16CX/xq4lnxHGT7Gl:x8oq1vq4rGTa

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15
