General

  • Target

    fbfb6344bad16657e69434143bde12d9_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240928-k93qzszhpe

  • MD5

    fbfb6344bad16657e69434143bde12d9

  • SHA1

    2c0135c2042b2800cb88df50814b2134de3cf439

  • SHA256

    e648d3dc74787646def479acd6970a936b6814545b5361b06800d2c100d0230e

  • SHA512

    e245a9f670e0a5c89070392f2c8486bbea609fbf461f18959447e0429f356cab78b45b7c5008008a1d48500f9391893118e161f1cf58e3f5fe2390e25122b1d0

  • SSDEEP

    24576:+k/AT1yBZsxNHcDI+id/9lQM6MmG6FVFHgeNzcSeDWGvM9emdywGuw2HpQU:foT1savHcOdqMmG6FX1bQmdzGuw2Hp

Malware Config

Targets

    • Target

      fbfb6344bad16657e69434143bde12d9_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

MITRE ATT&CK Enterprise v15

Tasks