General

  • Target

    02949ff0e55e369c919fe30c08ee7e24_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240930-wgw9aaxhnn

  • MD5

    02949ff0e55e369c919fe30c08ee7e24

  • SHA1

    0e8968dd6ce27f1bbd10ffddecbfa6113dd61b69

  • SHA256

    d181e3b18a0d25cd048804c5a558df16520b87458a3601a3bc647d06d8e72834

  • SHA512

    7d9c4728901b4a59119854930ca278a6487500e7599c9b782e22b78766389da415aa88383f4890c9b536d3551b5814517a82bda7176759bb8500296f8428ff84

  • SSDEEP

    24576:+HvZT/dSPahnYtHE7z+jhUoXXf0aW9w2ocdLEgtG5GX3kzxSqbS6/wUIgp:uBT/dKWY+7yrnMaH2ocdL1G5Y3KzWMgg

Targets

    • Target

      02949ff0e55e369c919fe30c08ee7e24_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence (the sample can refuse to run in certain countries).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

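The following is an added example, not part of the sandbox report and not tooling from the report's vendor: a PowerShell triage script for the behaviours listed above, meant to be run in an elevated session on a host suspected of carrying this sample. It assumes the report's hashes are the only indicators available, because the report does not name the Run-key value, the dropped file names or the exact registry value the sample reads; the hunt therefore flags Run entries by location, Authenticode signature and SHA256 match rather than by a known name, and the GeoID `Nation` value used for the locale check is an assumption about what "country code configured in the registry" refers to.

```powershell
# Added example (not from the report): triage helpers for the listed behaviours.
# Assumptions: elevated PowerShell 5.1+ on the suspect host; no known value names or
# paths beyond the report's hashes; the GeoID key below is an assumed locale source.

# Hashes copied from the report above.
$ReportHashes = @{
    MD5    = '02949ff0e55e369c919fe30c08ee7e24'
    SHA1   = '0e8968dd6ce27f1bbd10ffddecbfa6113dd61b69'
    SHA256 = 'd181e3b18a0d25cd048804c5a558df16520b87458a3601a3bc647d06d8e72834'
    SHA512 = '7d9c4728901b4a59119854930ca278a6487500e7599c9b782e22b78766389da415aa88383f4890c9b536d3551b5814517a82bda7176759bb8500296f8428ff84'
}

function Test-ReportHash {
    # Compare a quarantined file against all four digests (Get-FileHash cannot do SSDEEP).
    param([Parameter(Mandatory)][string]$Path)
    foreach ($alg in $ReportHashes.Keys) {
        $h = (Get-FileHash -Path $Path -Algorithm $alg).Hash.ToLower()
        [pscustomobject]@{ Algorithm = $alg; Match = ($h -eq $ReportHashes[$alg]); Hash = $h }
    }
}

function Get-ConfiguredCountry {
    # Assumed location of the "country code" the signature refers to: the user's GeoID.
    $geo = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
    [pscustomobject]@{ GeoNation = $geo.Nation; LocaleName = (Get-Culture).Name }
}

function Resolve-RunTarget {
    # Run values are command lines: a quoted path, a bare path, or a path followed by arguments.
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return [Environment]::ExpandEnvironmentVariables($Matches[1]) }
    if ($CommandLine -match '^\s*(\S+\.(exe|com|scr|dll))') { return [Environment]::ExpandEnvironmentVariables($Matches[1]) }
    return [Environment]::ExpandEnvironmentVariables(($CommandLine -split '\s+')[0])
}

function Get-SuspiciousRunEntries {
    # Enumerate Run/RunOnce persistence and flag targets that sit in System32 without a
    # Microsoft signature, that no longer exist, or that hash-match the reported sample.
    $runKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    $system32 = Join-Path $env:SystemRoot 'System32'
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # provider metadata, not a Run value
            $target = Resolve-RunTarget -CommandLine ([string]$p.Value)
            $exists = Test-Path -LiteralPath $target -PathType Leaf
            $sig = if ($exists) { Get-AuthenticodeSignature -FilePath $target } else { $null }
            $msSigned = $exists -and ($sig.Status -eq 'Valid') -and ($sig.SignerCertificate.Subject -like '*Microsoft*')
            $inSystem32 = $target -like "$system32\*"
            $hashMatch = $exists -and ((Get-FileHash -Path $target -Algorithm SHA256).Hash.ToLower() -eq $ReportHashes.SHA256)
            [pscustomobject]@{
                Key        = $key
                Name       = $p.Name
                Target     = $target
                Exists     = $exists
                InSystem32 = $inSystem32
                MsSigned   = $msSigned
                ReportHash = $hashMatch
                Suspicious = $hashMatch -or ($inSystem32 -and -not $msSigned) -or (-not $exists)
            }
        }
    }
}

# Usage:
# Test-ReportHash -Path 'C:\quarantine\suspect.exe' | Format-Table -AutoSize
# Get-ConfiguredCountry
# Get-SuspiciousRunEntries | Where-Object Suspicious | Format-Table -AutoSize
```

The `Suspicious` flag is a heuristic, not a verdict: a legitimate unsigned vendor agent in System32 will also trip it, and an unquoted Run value with spaces in its path will be truncated by `Resolve-RunTarget`, so review the `Target` column before acting. Only the SHA256 comparison ties an entry to this specific sample; everything else narrows the list of files to hash.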