General

  • Target

    1360f6b6a7f6fb68e74765b0f15823e0_JaffaCakes118

  • Size

    510KB

  • Sample

    241004-pryrjathjr

  • MD5

    1360f6b6a7f6fb68e74765b0f15823e0

  • SHA1

    5294878fea0bd8fb2653576baaab9527f280d233

  • SHA256

    062f229d442a13f52cf47d061aadb73fb60005a7d38dfb7a85fab5b01e9ba81e

  • SHA512

    704e97f50106e7a80ec650b5f1e6a06903ec4768dfa9e7f74099156f7d77d297d8c81ce8d16dd5e266e3bfe12b6c2c3cb74a254c369d2f718fa8c25142eed03d

  • SSDEEP

    12288:0aKsPkf4Q0reAo9Vfl5ha08QTkNGbtpQSNXLYP8Pl5:z7PW4EAaVfl5ha08QMGbtpVBLZt5

Targets

    • Target

      1360f6b6a7f6fb68e74765b0f15823e0_JaffaCakes118

    • Ardamax

      A commercial Windows keylogger sold by Ardamax Software and widely repackaged by attackers with a hidden-install configuration; the product itself predates the 2013 first-seen date recorded by the sandbox's family signature.

    • Ardamax main executable

    • Checks computer location settings

      Reads the user's country code from the registry (typically HKCU\Control Panel\International\Geo\Nation, the value behind GetUserGeoID). This is most likely a geofence that keeps the keylogger dormant in excluded countries, so when reproducing the behaviour, run the sample under a locale that matches its intended victims rather than the analysis machine's default.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a value under a Run key (HKCU or HKLM ...\Software\Microsoft\Windows\CurrentVersion\Run) so the keylogger is restarted at logon; this is the persistence indicator to hunt for on other hosts.
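
To make the behavioural verdicts above reproducible outside the sandbox, here is an added example that replays a constructed event trace through rules mirroring the four behavioural signatures listed for this target (dropped EXE executed, dropped DLL loaded, Run key added, location settings checked). It is not the sandbox's own signature engine and contains no code from the sample. The event format, the directory under AppData, the file names and the process IDs are constructed assumptions; only the Run and Geo registry locations are real Windows keys.

```python
"""Replay a behaviour trace through rules that mirror this report's signatures."""
from collections import defaultdict

# Persistence locations matched by the "Adds Run key" rule (compared case-insensitively).
RUN_KEY_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
)
# Holds the user's GeoID (what GetUserGeoID returns); a read of it is the
# "Checks computer location settings" trigger.
GEO_KEY_FRAGMENT = r"control panel\international\geo"


def _norm(path):
    """Case-insensitive comparison key for Windows paths and registry keys."""
    return path.strip().lower()


def evaluate(events):
    """Walk the trace in order and return {signature name: [evidence, ...]}.

    A file counts as 'dropped' only once a file_write for it has been seen
    earlier in the same trace, so launching a binary that was already on disk
    (the original sample on the desktop, a system DLL) does not fire a rule.
    """
    dropped = {}                  # normalised path -> pid that wrote it
    hits = defaultdict(list)
    for ev in events:
        kind = ev["type"]
        if kind == "file_write":
            dropped[_norm(ev["path"])] = ev["pid"]
        elif kind == "process_create":
            image = _norm(ev["image"])
            if image in dropped:
                hits["Executes dropped EXE"].append(
                    f"pid {ev['pid']} started {ev['image']} (written by pid {dropped[image]})")
        elif kind == "image_load":
            image = _norm(ev["image"])
            if image in dropped and image.endswith(".dll"):
                hits["Loads dropped DLL"].append(
                    f"pid {ev['pid']} loaded {ev['image']} (written by pid {dropped[image]})")
        elif kind == "reg_set":
            if _norm(ev["key"]).endswith(RUN_KEY_SUFFIXES):
                # Flag the common keylogger pattern: persistence pointing at a file it just dropped.
                note = " -> points at a dropped file" if _norm(ev["data"]) in dropped else ""
                hits["Adds Run key to start application"].append(
                    f"pid {ev['pid']} set {ev['key']}\\{ev['value']} = {ev['data']}{note}")
        elif kind == "reg_query":
            if GEO_KEY_FRAGMENT in _norm(ev["key"]):
                hits["Checks computer location settings"].append(
                    f"pid {ev['pid']} read {ev['key']}\\{ev['value']}")
    return dict(hits)


# Constructed trace (assumption: not the sandbox's real event log for this sample).
DROP_DIR = r"C:\Users\Admin\AppData\Roaming\svchelper"
TRACE = [
    {"type": "process_create", "pid": 100, "image": r"C:\Users\Admin\Desktop\sample.exe"},
    {"type": "file_write", "pid": 100, "path": DROP_DIR + r"\svchelper.exe"},
    {"type": "file_write", "pid": 100, "path": DROP_DIR + r"\svchelper.dll"},
    {"type": "process_create", "pid": 200, "image": DROP_DIR + r"\SVCHELPER.EXE"},
    {"type": "image_load", "pid": 200, "image": DROP_DIR + r"\svchelper.dll"},
    {"type": "image_load", "pid": 200, "image": r"C:\Windows\System32\user32.dll"},
    {"type": "reg_query", "pid": 200, "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "reg_set", "pid": 200, "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svchelper", "data": DROP_DIR + r"\svchelper.exe"},
]

if __name__ == "__main__":
    for name, evidence in evaluate(TRACE).items():
        print(name)
        for line in evidence:
            print("   ", line)
```

The ordering rule matters: the original sample launched from the desktop and the system DLL in the trace fire nothing, while the same executable launched after being written under AppData does, which is the distinction the "dropped" signatures encode. Feed real Sysmon or sandbox events into the same shape (file create, process create, image load, registry set/query) to reuse the rules.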
