General

  • Target

    10946078079cbb0949a536067e2e3212_JaffaCakes118

  • Size

    1.7MB

  • Sample

    241003-1ewl7a1fjh

  • MD5

    10946078079cbb0949a536067e2e3212

  • SHA1

    01ad552b9bef788801a06c4c580f6ab11ccf3f7e

  • SHA256

    be006790d460dccc454455f71e30b11e3f7924e902b3af72184c809bba127afd

  • SHA512

    405ca02e377ad67477dc4975c0c09eb3413efc3a28ffbb296b38cc258590310c523850f7eea2d3c78b5cbfa491ce8a1b7c229de8f17d08362a3d3ce4b3b055a7

  • SSDEEP

    49152:I2B/J6Dqk6DE2wirhnr2vwXDJRzLc7cgSjeMd+X:x/J6DR6DMWnSvwXDJF0cgSjH+

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence: the sample decides whether to run based on the victim's configured locale.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system, a check commonly used to spot installed security products or analysis tools.

    • Drops file in System32 directory
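The behaviours flagged above translate directly into a host triage checklist. The PowerShell script below is an added example, not part of the sandbox report and not Ardamax's own code: it lists Run/RunOnce autostart values, reads the locale and country values a geofence would consult, searches the same Uninstall keys the sample enumerates, and flags recently written unsigned executables in System32 or any file matching the report's SHA256. The specific registry values read for the geofence, the 7-day "recently written" window and the `Ardamax` DisplayName match are assumptions of this example; the report does not state them.

```powershell
# Added triage example: not part of the sandbox report. Checks a suspect Windows host for
# the behaviours the report flags. Run from an elevated PowerShell session.
# Assumptions (not stated in the report): the exact registry values read for the geofence,
# the 7-day "recently written" window, and the 'Ardamax' DisplayName match.

$SampleSha256 = 'be006790d460dccc454455f71e30b11e3f7924e902b3af72184c809bba127afd'  # SHA256 from the report
$Since = (Get-Date).AddDays(-7)

# 1. "Adds Run key to start application": list every autostart value in the usual Run/RunOnce keys.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($Key in $RunKeys) {
    if (-not (Test-Path -Path $Key)) { continue }
    foreach ($Prop in (Get-ItemProperty -Path $Key).PSObject.Properties) {
        if ($Prop.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, PSChildName, ...)
        [PSCustomObject]@{ Check = 'RunKey'; Location = $Key; Name = $Prop.Name; Value = $Prop.Value }
    }
}

# 2. "Checks computer location settings": the locale/country values a geofence would read.
#    (Assumption: the report does not say which value the sample reads; these are the common ones.)
$Intl = Get-ItemProperty -Path 'HKCU:\Control Panel\International' -ErrorAction SilentlyContinue
$Geo  = Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' -ErrorAction SilentlyContinue
[PSCustomObject]@{ Check = 'Locale'; LocaleName = $Intl.LocaleName; Country = $Intl.sCountry; GeoNation = $Geo.Nation }

# 3. "Checks installed software on the system": the same Uninstall keys the sample enumerates.
#    (Assumption: a commercial Ardamax install registers a DisplayName containing 'Ardamax'.)
$UninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -match 'Ardamax' } |
    ForEach-Object { [PSCustomObject]@{ Check = 'Uninstall'; Name = $_.DisplayName; Location = $_.InstallLocation } }

# 4. "Drops file in System32 directory": recently written EXE/DLLs in System32 that are not
#    validly signed, or that match the report's SHA256.
Get-ChildItem -Path "$env:SystemRoot\System32\*" -Include '*.exe', '*.dll' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $Since } |
    ForEach-Object {
        $Hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash.ToLower()
        [PSCustomObject]@{
            Check       = 'System32Drop'
            Path        = $_.FullName
            Written     = $_.LastWriteTime
            Signature   = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
            KnownSample = ($Hash -eq $SampleSha256)
        }
    } |
    Where-Object { $_.Signature -ne 'Valid' -or $_.KnownSample }
```

Each check emits objects rather than text so the output can be piped to `Export-Csv` or compared between hosts. A Run value pointing at a freshly written, unsigned binary under System32, or any file whose hash equals the report's SHA256, is the combination worth escalating; a `Valid` signature status on a recent System32 file is usually a Windows update rather than a drop.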

MITRE ATT&CK Enterprise v15

Tasks