Overview

overview

10

Static

static

3

186f8b8d2b...18.exe

windows7-x64

10

186f8b8d2b...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    186f8b8d2bde2a531e1cd4df04b53d35_JaffaCakes118

  • Size

    557KB

  • Sample

    241006-rlkntsybkr

  • MD5

    186f8b8d2bde2a531e1cd4df04b53d35

  • SHA1

    d521a7585f481c1df86242f78645b11deca258e4

  • SHA256

    092f01db62d349cb9aabab44b39ddc822b91e091fd79c1e2851a7d86e5d62a46

  • SHA512

    43ff4d8d55403554ea29f757c9f005a06cf895f9fe4b0926ed9d2445191d9871dd36152baccfc8ada35a20afe80ae701475c03af505da9d5ede93a215cf7b0d1

  • SSDEEP

    12288:KQ8jwz/7PC/VbWU5vOOmDJbgMsVGqubXVgzqSNi7cqv9k9IszH:qOwbWU9OOm9sMsVGpV22h9k9IszH

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      186f8b8d2bde2a531e1cd4df04b53d35_JaffaCakes118

    • Size

      557KB

    • MD5

      186f8b8d2bde2a531e1cd4df04b53d35

    • SHA1

      d521a7585f481c1df86242f78645b11deca258e4

    • SHA256

      092f01db62d349cb9aabab44b39ddc822b91e091fd79c1e2851a7d86e5d62a46

    • SHA512

      43ff4d8d55403554ea29f757c9f005a06cf895f9fe4b0926ed9d2445191d9871dd36152baccfc8ada35a20afe80ae701475c03af505da9d5ede93a215cf7b0d1

    • SSDEEP

      12288:KQ8jwz/7PC/VbWU5vOOmDJbgMsVGqubXVgzqSNi7cqv9k9IszH:qOwbWU9OOm9sMsVGpV22h9k9IszH

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks