General

  • Target

    10cbfa97e1a1a307002041090cf1bcc6_JaffaCakes118

  • Size

    506KB

  • Sample

    241003-2rgt8s1cpr

  • MD5

    10cbfa97e1a1a307002041090cf1bcc6

  • SHA1

    28b67fa5d16490e92c50d89496f2fe083d5928d9

  • SHA256

    cdd8c73744b92ea92a44a9498f36711f8077c12daeac69d0fae87718a8105357

  • SHA512

    e7a20a271514df6eaf649e00d8fc30544fd5195a909a747284e8167816e7ea48b2aa440bf6e47d17a1f20886ea4ba31148adc73813c62d5ba561d113da2dd75a

  • SSDEEP

    12288:LRheIGEhx/Nj7PKuyQPIqSb2k7stg0GgrKUW8edl1+i:eIXXjbbnQ1ikb2rKUUdl1p

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely used as a geofence (run or abort depending on the victim's locale).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory
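
The signatures above are behavioural rules evaluated over the sample's API trace. The following is an added example (not the sandbox's own rule engine and not code from the report) showing how the six behaviours listed here can be matched over a constructed API-call trace. The registry paths it keys on are assumptions: the report does not say which keys the sample touched, so the example uses the usual Windows locations (HKCU\Control Panel\International\Geo for the country code, ...\CurrentVersion\Run for autostart, ...\CurrentVersion\Uninstall for installed software), and the file names dropped.exe and helper.dll are invented for the trace.

```python
"""Match behavioural signatures over a sandbox-style API trace.

Added example. The trace below is constructed for illustration; none of the
paths or file names come from the report, and the registry keys checked are
assumptions about where these behaviours usually show up on Windows.
"""
import re

# Constructed trace: one dict per API call made by the sample, in call order.
SAMPLE_TRACE = [
    {"api": "RegQueryValueExW", "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"api": "RegOpenKeyExW",    "path": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"api": "RegEnumKeyExW",    "path": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"api": "CreateFileW",      "path": r"C:\Windows\System32\dropped.exe", "write": True},
    {"api": "CreateFileW",      "path": r"C:\Windows\System32\helper.dll",  "write": True},
    {"api": "CreateFileW",      "path": r"C:\Windows\System32\kernel32.dll", "write": False},
    {"api": "CreateProcessW",   "path": r"C:\Windows\System32\dropped.exe"},
    {"api": "LoadLibraryW",     "path": r"C:\Windows\System32\helper.dll"},
    {"api": "RegSetValueExW",   "path": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dropped",
                                "data": r"C:\Windows\System32\dropped.exe"},
]

# Constructed benign trace: launching a pre-existing binary must not fire "Executes dropped EXE".
BENIGN_TRACE = [
    {"api": "CreateProcessW", "path": r"C:\Windows\System32\notepad.exe"},
    {"api": "RegQueryValueExW", "path": r"HKCU\Software\Example\Settings"},
]

# Assumed registry/file locations (lower-cased, backslash-normalised paths are matched).
GEO_KEY = re.compile(r"\\control panel\\international\\")
UNINSTALL_KEY = re.compile(r"\\currentversion\\uninstall(\\|$)")
RUN_KEY = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run\\")
SYSTEM32_DIR = re.compile(r"^[a-z]:\\windows\\system32\\")

SIGNATURES = (
    "Checks computer location settings",
    "Checks installed software on the system",
    "Drops file in System32 directory",
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Adds Run key to start application",
)


def _norm(path: str) -> str:
    """Windows paths are case-insensitive; normalise once so regexes stay simple."""
    return path.replace("/", "\\").lower()


def match_signatures(trace):
    """Return {signature name: [indices of triggering events]} for every signature that fired.

    Files the sample writes are remembered so that later CreateProcess/LoadLibrary
    calls on those same paths are classified as "dropped" rather than pre-existing.
    """
    hits = {name: [] for name in SIGNATURES}
    dropped = set()
    for i, ev in enumerate(trace):
        api = ev["api"]
        path = _norm(ev.get("path", ""))
        if api.startswith("CreateFile") and ev.get("write"):
            dropped.add(path)
            if SYSTEM32_DIR.search(path):
                hits["Drops file in System32 directory"].append(i)
        elif api.startswith("RegQueryValueEx") and GEO_KEY.search(path):
            hits["Checks computer location settings"].append(i)
        elif api.startswith(("RegOpenKeyEx", "RegEnumKeyEx")) and UNINSTALL_KEY.search(path):
            hits["Checks installed software on the system"].append(i)
        elif api.startswith("RegSetValueEx") and RUN_KEY.search(path):
            hits["Adds Run key to start application"].append(i)
        elif api.startswith("CreateProcess") and path in dropped:
            hits["Executes dropped EXE"].append(i)
        elif api.startswith("LoadLibrary") and path in dropped:
            hits["Loads dropped DLL"].append(i)
    return {name: idx for name, idx in hits.items() if idx}


if __name__ == "__main__":
    for name, idx in match_signatures(SAMPLE_TRACE).items():
        print(f"{name}: events {idx}")
```

The "dropped" signatures depend on call order: a write to a path must appear in the trace before the execute or load of that path, which is also why a sandbox needs the full trace rather than a final filesystem snapshot to attribute these behaviours.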

MITRE ATT&CK Enterprise v15

Tasks