General

  • Target

    0a754d7bbc8cb73496e47fb680f3474a_JaffaCakes118

  • Size

    478KB

  • Sample

    241002-nqx8yateqj

  • MD5

    0a754d7bbc8cb73496e47fb680f3474a

  • SHA1

    81d87f3e85cdb17195137144cc43835b1cdfd4da

  • SHA256

    a87a3e88c98998c0842c497bdde34c865830386e6571cdbdd265e90badcfd45d

  • SHA512

    1f75c46082f7d2d09d73a443ff8f9906da13ee3aae73fd6525475267fd3e848544ae148d23bf9c801941c514e02848a9e360bd068e2a9d5661095953345b87ed

  • SSDEEP

    12288:ba2W4SCTXm8Jx8DnEPS/ylOh1t3gkgOL1X84h5Zwwlw:+2fdXnL0EPSalOhDg+M4q

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks