General

  • Target

    f7a1bcf2b0ce10a8c4f6bbe425b3a7cc_JaffaCakes118

  • Size

    1.5MB

  • Sample

    240926-fsm7rascng

  • MD5

    f7a1bcf2b0ce10a8c4f6bbe425b3a7cc

  • SHA1

    72a47bc83963b89fe9e0bb9718b74e71d7779098

  • SHA256

    a6a770f26d9dbaf6f352b5d26d64b7ee26b67780ae11a78350b3ac169251d7b5

  • SHA512

    4f08a7e1a4a6c67a91e68c9c016facbc42dc096af90372318663ae810e11860efa24b2fd02b3f1962e8b710c108474a3d90c6c41ef91b8fb9ff9a1599fe6c926

  • SSDEEP

    49152:roT7Np26KpMj+yb9MH1tqZQHDe0pmg2/9:6appMj+sMiZQrpmgE

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks