Overview

overview

10

Static

static

3

098c01d130...18.exe

windows7-x64

10

098c01d130...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    098c01d130d35c4e15ef2b76a38a0dce_JaffaCakes118

  • Size

    1.3MB

  • Sample

    241002-jbl5xaxgrd

  • MD5

    098c01d130d35c4e15ef2b76a38a0dce

  • SHA1

    7fedc43d09aa84322b6d0662dc52bfcf83a75946

  • SHA256

    1410bfce5cb5ff66e569c744d2f132fe633f3467e46573127244ecbc2871bcea

  • SHA512

    0e1fb764d235ed3c0c47bf6920bd50190a60abe0d5373306a93c01e74e91dc55822773221c3a56fcecda4a7dadf3bb6dc03e4f208469f312a32befb43133333c

  • SSDEEP

    24576:poviLoFVH7e/4tGpv7GPE7dupqi5K3syLPOm5sxucCzBjcd6TJ97WTzL:poH704tBg0pqi5K3ZjOXucq5cd27k

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      098c01d130d35c4e15ef2b76a38a0dce_JaffaCakes118

    • Size

      1.3MB

    • MD5

      098c01d130d35c4e15ef2b76a38a0dce

    • SHA1

      7fedc43d09aa84322b6d0662dc52bfcf83a75946

    • SHA256

      1410bfce5cb5ff66e569c744d2f132fe633f3467e46573127244ecbc2871bcea

    • SHA512

      0e1fb764d235ed3c0c47bf6920bd50190a60abe0d5373306a93c01e74e91dc55822773221c3a56fcecda4a7dadf3bb6dc03e4f208469f312a32befb43133333c

    • SSDEEP

      24576:poviLoFVH7e/4tGpv7GPE7dupqi5K3syLPOm5sxucCzBjcd6TJ97WTzL:poH704tBg0pqi5K3ZjOXucq5cd27k

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax main executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks