General

  • Target

    d4069867047cb9d014616752f96be24f_JaffaCakes118

  • Size

    517KB

  • Sample

    240908-laqg2sxfpm

  • MD5

    d4069867047cb9d014616752f96be24f

  • SHA1

    4ad77cbde9402a2f5739b96617f285142fdbc9a8

  • SHA256

    d7786d3ede3c6ecd08432c41e5bd814ab8e284886f309634b4c2508d56415b96

  • SHA512

    f410e595242b2bf852ef179783c94b65480e0d51dea89ba4becd1181e117c14eb786c5e2f82d963c086e0f34d09b72b7b599121399cd810930b6d14835a76600

  • SSDEEP

    12288:2SKwX88M4cyn4W9yf1Gwn5mpV5AX+a89ts8MM3zS7lhp/2tEGGoiYLshyd:/98Ccy44wn5aV5AXfsMM3ylb2tEGGRyd

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory
