General

  • Target

    efdd687aac77adae457ccb109b99ebb7_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240921-qdqdnstfnr

  • MD5

    efdd687aac77adae457ccb109b99ebb7

  • SHA1

    55034d88f1966fc0b2893664d6842a97374d98da

  • SHA256

    1aa76b09b923133745f11b808e50fa298de4b6de5c735797cc92a0cf3c43ab48

  • SHA512

    269ab99de9fc712f7148620da879070380f4e59263e125e568a29a27c610775eb77dc640136e1777520b90a199f83cb47f8c26991358bb1400570cfe9f3fcab3

  • SSDEEP

    24576:+GaUTig8fyS0l5nLnwz3j/AAzK/TTcOCgWH8Bv9mMV/Jv2DyiJCzq6u8dN:+GrTHHn2cA9oqS9rqyvjH

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether the sample runs on this machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to list the software installed on the system.

    • Drops file in System32 directory
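
As an added example (not the sandbox's own rule engine, and not code taken from this report), the following Python replays a constructed, sandbox-style API event trace and raises the behavioural signatures listed above. The event schema, the registry keys assumed for each signature (for instance HKCU\Control Panel\International\Geo\Nation for the country-code lookup) and the dropped-file names are all assumptions made for illustration; the real sample's paths are not in the report.

```python
# Added example: replays sandbox-style API events for a sample and raises the
# behavioural signatures listed in this report. Illustrative code only, not the
# sandbox's own rule engine; the event schema, the exact registry paths and the
# sample events below are constructed assumptions.
import re
from collections import defaultdict

# Registry/file patterns behind each signature (assumed, matching the report's wording).
RUN_KEY_RE = re.compile(r"\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)
UNINSTALL_RE = re.compile(r"\\microsoft\\windows\\currentversion\\uninstall\\", re.I)
GEO_RE = re.compile(r"\\control panel\\international\\geo\\nation$", re.I)  # assumed geofence key
SYSTEM32_RE = re.compile(r"^c:\\windows\\system32\\", re.I)


def run_signatures(events):
    """Return {signature_name: [evidence, ...]} for an ordered list of events.

    Each event is a dict: {"op": <API class>, "target": <path or registry key>}.
    Ops used here: RegSetValue, RegQueryValue, FileWrite, CreateProcess, LoadLibrary.
    Signatures appear in the order their first supporting event occurs.
    """
    hits = defaultdict(list)
    dropped = set()  # files the sample wrote, so later executions/loads can be tied back

    for ev in events:
        op, target = ev["op"], ev["target"]
        key = target.lower()  # Windows paths and keys are case-insensitive

        if op == "RegSetValue" and RUN_KEY_RE.search(target):
            hits["Adds Run key to start application"].append(target)
        elif op == "RegQueryValue" and GEO_RE.search(target):
            hits["Checks computer location settings"].append(target)
        elif op == "RegQueryValue" and UNINSTALL_RE.search(target):
            hits["Checks installed software on the system"].append(target)
        elif op == "FileWrite":
            dropped.add(key)
            if SYSTEM32_RE.match(target):
                hits["Drops file in System32 directory"].append(target)
        elif op == "CreateProcess" and key in dropped:
            hits["Executes dropped EXE"].append(target)
        elif op == "LoadLibrary" and key in dropped:
            hits["Loads dropped DLL"].append(target)

    return dict(hits)


# Constructed event trace (hypothetical file names; not captured from the real sample).
SAMPLE_EVENTS = [
    {"op": "RegQueryValue", "target": r"HKEY_CURRENT_USER\Control Panel\International\Geo\Nation"},
    {"op": "RegQueryValue", "target": r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip"},
    {"op": "FileWrite", "target": r"C:\Windows\System32\svc_helper.exe"},
    {"op": "FileWrite", "target": r"C:\Windows\System32\svc_helper.dll"},
    {"op": "RegSetValue", "target": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\svc_helper"},
    {"op": "CreateProcess", "target": r"C:\Windows\System32\svc_helper.exe"},
    {"op": "LoadLibrary", "target": r"C:\Windows\System32\svc_helper.dll"},
    {"op": "LoadLibrary", "target": r"C:\Windows\System32\kernel32.dll"},  # pre-existing, not dropped
]


def triage(events=SAMPLE_EVENTS):
    """Convenience entry point: run the rules over a trace and return the hits."""
    return run_signatures(events)


if __name__ == "__main__":
    for name, evidence in triage().items():
        print(f"[+] {name}")
        for item in evidence:
            print(f"      {item}")
```

The "dropped" set is what distinguishes "Executes dropped EXE" and "Loads dropped DLL" from ordinary process creation or library loading: a LoadLibrary of a system DLL the sample never wrote produces no hit, while a process or module whose path the sample itself created earlier in the trace does. Real sandboxes key this on process and file-object identity rather than on normalized path strings; the lowercase path comparison here is a simplification.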
