General

  • Target

    fa5e47f050a9a3639197b6c0ae6b2103_JaffaCakes118

  • Size

    1.9MB

  • Sample

    240927-n642estfpc

  • MD5

    fa5e47f050a9a3639197b6c0ae6b2103

  • SHA1

    7e29939ca716b36de9c15aeb582099a4cabe4e1f

  • SHA256

    1eb8234c1a861756c45cf3521e1abc0bea502f4fd22932b170883e557e774509

  • SHA512

    eae49600bf418899edf6816c347a446d370a97890aa30828244e2323a1e1be76485b9bd79b6d7058694fec5c70e3f6701d0a7b1a8e748902a45c90afe3d2bbd5

  • SSDEEP

    49152:ZXTFbSHC26LbUrSQepm+xJ46CnKxyoyHVv:rGJkAIMv

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks