Overview

overview

10

Static

static

3

105a4c3d65...18.exe

windows7-x64

10

105a4c3d65...18.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    105a4c3d657448b936e4791379fda682_JaffaCakes118

  • Size

    528KB

  • Sample

    241003-ywzztsxfrd

  • MD5

    105a4c3d657448b936e4791379fda682

  • SHA1

    c1cc85d8b115f9815c3ed69d95bb53891cdc7fd8

  • SHA256

    dc0b0f4d3081ac3fcce1405383afc2ab450b1396ff9ae5e2875887e4d2f1be6f

  • SHA512

    74107752b05b6f2f2eb93e4fac30ffd6d366206ef82d01e0111f2f93566b61ac08a4ab0a7f86ad23510406ea439e77945d49d8604227c72a55f502f5472ce129

  • SSDEEP

    12288:cl7ZjNHasczx1gab+c9sMvkIluNJmbt3Kzrxe+m7MoS:UZjN6sczfgq+ovkIsNMKzrxkMoS

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      105a4c3d657448b936e4791379fda682_JaffaCakes118

    • Size

      528KB

    • MD5

      105a4c3d657448b936e4791379fda682

    • SHA1

      c1cc85d8b115f9815c3ed69d95bb53891cdc7fd8

    • SHA256

      dc0b0f4d3081ac3fcce1405383afc2ab450b1396ff9ae5e2875887e4d2f1be6f

    • SHA512

      74107752b05b6f2f2eb93e4fac30ffd6d366206ef82d01e0111f2f93566b61ac08a4ab0a7f86ad23510406ea439e77945d49d8604227c72a55f502f5472ce129

    • SSDEEP

      12288:cl7ZjNHasczx1gab+c9sMvkIluNJmbt3Kzrxe+m7MoS:UZjN6sczfgq+ovkIsNMKzrxkMoS

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax main executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks