General

  • Target

    001950ed5a6d66308ae1fb1782ddea42_JaffaCakes118

  • Size

    187KB

  • Sample

    240930-hxzsfswfpd

  • MD5

    001950ed5a6d66308ae1fb1782ddea42

  • SHA1

    794343bbc42718c10b7aff927de5d6f9264e123c

  • SHA256

    e842fe993f175f111fd6799907f2fb42956766e03c51b1397263f1922f3c3aeb

  • SHA512

    512306e23f04fa45af213a28939f8d5708fc96035b918a29db634355a571e7f355a8c3cd8d4af7644d2d548787b14f0fcb4e6b71038b90a791b9335f034c84de

  • SSDEEP

    3072:7CNmpyGKj6KpZZUCnkAKrM2SkF1vHrqkjoZEuOfnhIAkrdhiMYW1gU3r0GMzk:0mpyGKuKpZGCkAB2fTHrFkZEuOf3kBht

Targets

    • Target

      001950ed5a6d66308ae1fb1782ddea42_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
