General

  • Target

    fc8deb4e7f5042dccbfc8176bfa5a29f_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240928-sf34navbjc

  • MD5

    fc8deb4e7f5042dccbfc8176bfa5a29f

  • SHA1

    e9245c9fc1aaa076812a3a98baa999779d9e3b63

  • SHA256

    8cc7822c9fa05357eb5ba78430b086eee242e4c9dc9a62c70bbd251ab0625e82

  • SHA512

    5295999e4a2e821883595ec3c2ce5ec98e28d13bce1d7f1fdea63a270c596702295a548e0ef8f0b2c3062ab513615b77e12ba8362d1e48cd357f9d8ccbc16bbc

  • SSDEEP

    24576:V0NzTAlIhALxEPcwmbz9C5OCsbca6EvAdJDrh5I9UI0Z1f09eh1+i:V0pTAGhALZjz9C/so3GArfUGIscEr+

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
