General

  • Target

    0aff2624b2ccabf568578930e2f21e73_JaffaCakes118

  • Size

    743KB

  • Sample

    241002-q8bh1atbrc

  • MD5

    0aff2624b2ccabf568578930e2f21e73

  • SHA1

    fc539643be3096539da67257d2c423f9aa39644d

  • SHA256

    9f315947a8415008ccbd8f70f1023bad0330ce353af0e2695509f02ece556af0

  • SHA512

    91bf820dfa97e200df58d35e2fe6c6d50c3a655212038d6410fcc85c1e355e6a5d2cf0dacb2086a14e7ce0838ca1b3afc4f796f15885744ffcca09751fda8fd7

  • SSDEEP

    12288:ke0HJ0cfjY2dAJLSSUT9fslxsLuu7a+1mES+/2jsxf1do4bLmHUKL9LQgvpTI:ke0p0cfzvT9UlxMBaIm1jsxlC0QNjTI

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory
