General

  • Target

    dd2e95a73c3331f789cd7574825e2a88_JaffaCakes118

  • Size

    295KB

  • Sample

    240912-2pvcjsyhmk

  • MD5

    dd2e95a73c3331f789cd7574825e2a88

  • SHA1

    7687a19d9b22717eba27843b0c57fcc681e13daa

  • SHA256

    0e58fe358bfcdc406f6283a51f11cdf7d604afd8b2b8876443e4f39db675d781

  • SHA512

    0f267594fe0298c99d53df5d24e58ac45d1cba8099c158f1af0b1f5ab38245fa49e49bf43e5bdc06f0813c769b718e2d82f741d3df17a6f44468f5d541c8e930

  • SSDEEP

    6144:ZG6nI4OMEJILMV9KcMkl4Lc5n5mBplk8yQauC/WPqkAEK2oxrmj:Z5VhkOg5Wp5WuC+P6EK2oi

Targets

    • Target

      dd2e95a73c3331f789cd7574825e2a88_JaffaCakes118


    • Ardamax

      A keylogger first seen in 2013. Ardamax is a commercial keylogging product that is routinely repackaged and deployed as malware; it records keystrokes and delivers the logs to the operator.

    • Ardamax main executable

      The sample, or a file it drops, matches the Ardamax main executable, the component that performs the logging.

    • Checks computer location settings

      Reads the country code configured in the registry (the system's locale and geographic settings). This is most likely a geofence: the sample stays dormant on machines in regions the operator wants to avoid.

    • Executes dropped EXE

      The sample writes an executable to disk and then launches it, separating the file delivered to the victim from the component that actually runs.

    • Loads dropped DLL

      A DLL written by the sample at runtime is loaded into a process; dropped DLLs are a common way to stage additional functionality outside the first-stage file.

    • Adds Run key to start application

      Persistence: the sample registers itself under a Run key (HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run) so it is started again at every logon.

    • Drops file in System32 directory

      Files are written under %SystemRoot%\System32 or a subdirectory of it, where they blend in with legitimate system binaries; writing there requires administrative rights, so the sample was run elevated in the sandbox.
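The behavioural signatures above, as an added worked example that is not part of the report and not Ardamax's own code: a small Python evaluator that replays a constructed, sandbox-style event stream (registry reads and writes, file writes, process creation, image loads) and re-derives each signature from it. The locale and Run-key registry paths are the real Windows locations; the event format and every file, folder and value name below are illustrative assumptions, not data from this sample.

```python
"""Re-deriving this report's behavioural signatures from sandbox events.

Added example: not part of the Triage report and not Ardamax's own code.
The registry paths are the real Windows locations for locale settings and
Run keys; the event format and all names below are illustrative assumptions.
"""
from typing import Dict, List, Set

Event = Dict[str, str]

# Where Windows keeps the configured locale / country.  Reading these is the
# "checks computer location settings" behaviour: a geofenced sample compares
# the result with a block-list of countries and exits on a match.
LOCALE_KEY_PREFIXES = (
    r"hkcu\control panel\international",
    r"hklm\system\currentcontrolset\control\nls\locale",
)

# Autostart locations that fire at logon ("Adds Run key to start application").
RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)

SYSTEM32 = r"c:\windows\system32"


def _norm(path: str) -> str:
    """Case-fold and unify separators so registry and file paths compare reliably."""
    return path.strip().lower().replace("/", "\\")


def dropped_files(events: List[Event]) -> Set[str]:
    """Every path the analysed process wrote to disk (its dropped files)."""
    return {_norm(e["path"]) for e in events if e["op"] == "file_write"}


def checks_location_settings(events: List[Event]) -> bool:
    """True if any registry read targets the locale/country keys."""
    return any(
        e["op"] == "reg_read" and _norm(e["path"]).startswith(LOCALE_KEY_PREFIXES)
        for e in events
    )


def run_key_entries(events: List[Event]) -> List[str]:
    """Commands registered under a Run/RunOnce key, in order of writing."""
    return [
        e["data"]
        for e in events
        if e["op"] == "reg_write" and _norm(e["path"]).endswith(RUN_KEY_SUFFIXES)
    ]


def system32_drops(events: List[Event]) -> List[str]:
    """Dropped files placed inside the System32 directory or a subdirectory."""
    return sorted(p for p in dropped_files(events) if p.startswith(SYSTEM32 + "\\"))


def executed_dropped_exes(events: List[Event]) -> List[str]:
    """Process launches whose image is a file the sample itself wrote."""
    dropped = dropped_files(events)
    return [
        _norm(e["path"])
        for e in events
        if e["op"] == "process_create" and _norm(e["path"]) in dropped
    ]


def loaded_dropped_dlls(events: List[Event]) -> List[str]:
    """Image loads of a DLL that the sample itself wrote."""
    dropped = dropped_files(events)
    return [
        _norm(e["path"])
        for e in events
        if e["op"] == "image_load"
        and _norm(e["path"]) in dropped
        and _norm(e["path"]).endswith(".dll")
    ]


def evaluate(events: List[Event]) -> List[str]:
    """Return the names of the report's behavioural signatures that fire."""
    fired = []
    if checks_location_settings(events):
        fired.append("Checks computer location settings")
    if executed_dropped_exes(events):
        fired.append("Executes dropped EXE")
    if loaded_dropped_dlls(events):
        fired.append("Loads dropped DLL")
    if run_key_entries(events):
        fired.append("Adds Run key to start application")
    if system32_drops(events):
        fired.append("Drops file in System32 directory")
    return fired


# Constructed event stream: the folder, file and value names are invented.
SAMPLE_EVENTS: List[Event] = [
    {"op": "reg_read", "path": r"HKCU\Control Panel\International\Locale"},
    {"op": "reg_read", "path": r"HKCU\Software\Classes\.txt"},  # unrelated read
    {"op": "file_write", "path": r"C:\Windows\System32\28463\KLGR.exe"},
    {"op": "file_write", "path": r"C:\Windows\System32\28463\KLGR.dll"},
    {"op": "file_write", "path": r"C:\Users\victim\AppData\Local\Temp\setup.log"},
    {"op": "reg_write",
     "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "KLGR Agent",
     "data": r"C:\Windows\System32\28463\KLGR.exe"},
    {"op": "process_create", "path": r"C:\Windows\System32\cmd.exe"},  # not dropped
    {"op": "process_create", "path": r"C:\Windows\System32\28463\KLGR.exe"},
    {"op": "image_load", "path": r"C:\Windows\System32\28463\KLGR.dll"},
]

if __name__ == "__main__":
    for name in evaluate(SAMPLE_EVENTS):
        print("[+]", name)
```

The "dropped" signatures are correlations, not single-event matches: a process launch or DLL load only counts when the image path was previously written by the sample, which is why `cmd.exe` in the constructed stream does not trigger "Executes dropped EXE". Real sandbox logs also carry process IDs and timestamps; a production rule would additionally require the write to precede the launch and both to belong to the same process tree.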
