General

  • Target

    109b7ccb2580197c3daebf70c55e4cd8_JaffaCakes118

  • Size

    504KB

  • Sample

    241003-1k5r2syakl

  • MD5

    109b7ccb2580197c3daebf70c55e4cd8

  • SHA1

    4727f0578478d17ccd3e31fc08c74522fb186b1a

  • SHA256

    0dbfd337b160c8c65587ac6c4192a222f0810538f84b8fece4b011bdef87c4a4

  • SHA512

    f3068dbd5a3ee19ebfcf15b8890a9e170a5b07c5413b0ed01ddf5db1b5cc75f928021b6a9a1d0d8f478c036cd3e9220f335e597e8df65de43175ff780b4d7d94

  • SSDEEP

    12288:m1QfRvV6CunDeLMD/UgR/aXUtIhP/4OV5TTp8q:5JvV6C8eLMDMgRoXhb5uq

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks