General

  • Target

    ec28a285eb7c0022f021064a9e73ae40_JaffaCakes118

  • Size

    918KB

  • Sample

    240919-zgvbgazdmm

  • MD5

    ec28a285eb7c0022f021064a9e73ae40

  • SHA1

    bd06a5ca5a43d66614b5ef55344e2a8b4aed5048

  • SHA256

    45a05078e555fb489807bbd1e3df8f49d7004bfc0a374c45aa8c3d8953af1f9f

  • SHA512

    83f3a62e385ea1185e0cf54d11e5a0ea3c71a19bfa8e6c218dd4e62d971f8961ccc908d9a49828a2107943bb7c8e2d3caafa4d68d67a60ece63038d6467bcc2a

  • SSDEEP

    24576:uHvZTDDE81u3rrl+YKvMqARUfrEvIzcSVKYYgQQh/SCqvoqU0bg0kW:eBTD5s33IXvMqkUfc+cSAa96U0

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution by locale.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

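The behaviours above (Run-key persistence, a drop into System32, execution of a dropped EXE and loading of a dropped DLL) are exactly what a host-based detection would look for. The following is an added example, not part of the sandbox report or of the sample, showing that logic run over a constructed, simplified Sysmon-style event stream. The field names (`event`, `image`, `target`, `details`, `parent_image`, `image_loaded`), the file names under `KLG\`, and the rule names are assumptions for illustration; the only identifier taken from the report is the sample name. The "Checks computer location settings" signature is deliberately not covered: Sysmon records registry writes, not reads, so a country-code lookup leaves no such event.

```python
"""Detection of the sandbox-listed behaviours over constructed Sysmon-style events.
Added example; the events below are made up and are not telemetry from the sample."""
import re
from typing import Dict, Iterable, List, Set, Tuple

Event = Dict[str, str]

# Run / RunOnce value under any hive (HKLM or a per-user HKU path).
RUN_KEY_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.IGNORECASE)
SYSTEM32_RE = re.compile(r"^C:\\Windows\\System32\\", re.IGNORECASE)
# Locations a non-admin user (or a just-downloaded sample) can write to.
USER_WRITABLE_RE = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\|^C:\\Windows\\Temp\\", re.IGNORECASE)
PE_EXT_RE = re.compile(r"\.(exe|dll|scr|com)$", re.IGNORECASE)


def _first_path(details: str) -> str:
    """Pull the executable path out of a Run-key value, quoted or bare, dropping arguments."""
    details = details.strip()
    if details.startswith('"'):
        end = details.find('"', 1)
        return details[1:end] if end > 0 else details.strip('"')
    return details.split(" ")[0]


def detect(events: Iterable[Event]) -> List[Tuple[str, str]]:
    """Return (rule, evidence) pairs. Events must be in chronological order because the
    'dropped' rules only fire for files whose creation was seen earlier in the stream."""
    dropped: Set[str] = set()
    hits: List[Tuple[str, str]] = []
    for ev in events:
        kind = ev["event"]
        if kind == "FileCreate":
            target = ev["target"]
            if PE_EXT_RE.search(target):
                dropped.add(target.lower())
                # A PE written into System32 by a process running from a user-writable path.
                if SYSTEM32_RE.match(target) and USER_WRITABLE_RE.match(ev["image"]):
                    hits.append(("drops_file_in_system32", f"{ev['image']} -> {target}"))
        elif kind == "RegistryValueSet":
            if RUN_KEY_RE.search(ev["target"]):
                path = _first_path(ev["details"])
                # Only flag Run values pointing at user-writable or freshly dropped binaries;
                # vendor autoruns under System32 / Program Files stay quiet.
                if USER_WRITABLE_RE.match(path) or path.lower() in dropped:
                    hits.append(("adds_run_key", f"{ev['target']} = {ev['details']}"))
        elif kind == "ProcessCreate":
            if ev["image"].lower() in dropped:
                hits.append(("executes_dropped_exe", f"{ev['parent_image']} -> {ev['image']}"))
        elif kind == "ImageLoad":
            if ev["image_loaded"].lower() in dropped:
                hits.append(("loads_dropped_dll", f"{ev['image']} loads {ev['image_loaded']}"))
    return hits


# Constructed events (assumption: not real telemetry). Paths under KLG\ are invented.
SAMPLE = r"C:\Users\alice\Downloads\ec28a285eb7c0022f021064a9e73ae40_JaffaCakes118.exe"
KLG_EXE = r"C:\Users\alice\AppData\Roaming\KLG\klg.exe"
HOOK_DLL = r"C:\Windows\System32\klghook.dll"
SAMPLE_EVENTS: List[Event] = [
    {"event": "ProcessCreate", "image": SAMPLE, "parent_image": r"C:\Windows\explorer.exe"},
    {"event": "FileCreate", "image": SAMPLE, "target": KLG_EXE},
    {"event": "FileCreate", "image": SAMPLE, "target": r"C:\Users\alice\AppData\Roaming\KLG\klg.001"},
    {"event": "RegistryValueSet", "image": SAMPLE,
     "target": r"HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Run\KLG",
     "details": f'"{KLG_EXE}"'},
    {"event": "ProcessCreate", "image": KLG_EXE, "parent_image": SAMPLE},
    {"event": "FileCreate", "image": KLG_EXE, "target": HOOK_DLL},
    {"event": "ImageLoad", "image": KLG_EXE, "image_loaded": HOOK_DLL},
    # Benign noise that must not fire: a vendor autorun and a normal system DLL load.
    {"event": "RegistryValueSet", "image": r"C:\Windows\System32\svchost.exe",
     "target": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "details": r"C:\Windows\System32\SecurityHealthSystray.exe"},
    {"event": "ImageLoad", "image": r"C:\Windows\explorer.exe", "image_loaded": r"C:\Windows\System32\ntdll.dll"},
]

if __name__ == "__main__":
    for rule, evidence in detect(SAMPLE_EVENTS):
        print(f"{rule:26} {evidence}")
```

Against the constructed stream the four malicious rules fire once each, in the order the behaviours occur, while the vendor Run value and the `ntdll.dll` load stay silent. The Run-key rule intentionally keys on where the value points rather than on the write itself; writes to `Run` are routine on a real host and alerting on all of them is how this class of detection gets tuned off.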
MITRE ATT&CK Enterprise v15