General

  • Target

    f37a21e750f52ecae9dca8f449c28db4_JaffaCakes118

  • Size

    515KB

  • Sample

    240924-mxsflasajp

  • MD5

    f37a21e750f52ecae9dca8f449c28db4

  • SHA1

    d65aa8cdcd202134d7cd7b5b2e6651efc1e46af5

  • SHA256

    c0f3cfe3c48b7bb10e237a49faeb57f7030546809269ae0fe3766d850386cc71

  • SHA512

    418a7a7c69a146fc91448a3e379e9ea394450f5cb8e8d98ce20ace824e8120d84cb2b731df061b4dab040ea1ec9c683ef39ab2614a69fb33896568021d5c5276

  • SSDEEP

    6144:/Rov6TBg7zpbC7bH7l2F1494NEwvcJCI/CmtQejoOgy7dgoRFaaU+sHkCsE3AlQ6:/Gyg/pKlo1/N8d/C5u7BFCgdZnivPLU

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks