General

  • Target

    dbb0d59aaeb0211ca74f9afbe9dc5c77_JaffaCakes118

  • Size

    539KB

  • Sample

    240912-dgfmesxgqe

  • MD5

    dbb0d59aaeb0211ca74f9afbe9dc5c77

  • SHA1

    718f2d8dea8f02ae88f0712ca16c7a5cde0f9b8c

  • SHA256

    4525078def51388b7bac98705728c60484255077dbdcca1fb0f5661ba0f01520

  • SHA512

    63e68948a3b3f45a384d6161077cd40448eb64e536b6e7f8c4ab418c1e566b683147f00b3a2036ae3b550c19481e2c25e624e641c3a0429b810cbdc2dc3f6391

  • SSDEEP

    12288:fI/QHMCSnw1+DnszNwJxs5DWBZfiiZF5r0iKE3ym4HAyzjxGw+Osmghr/:5HYw1EmDWvr5rOEagA+5Tj

Malware Config

Targets


    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks