General

  • Target

    18f18eaef6414526d2930736bd312a03_JaffaCakes118

  • Size

    398KB

  • Sample

    241006-vkzyxayhne

  • MD5

    18f18eaef6414526d2930736bd312a03

  • SHA1

    49e8a64057c722d85de07e7f294ef462cf3b2e42

  • SHA256

    cf47b9dd42fb33fcbaf81254bd5b15147ba9d2056d0247c3f4ddcf1c8e482344

  • SHA512

    b6989ad187532cf5820a16fc5b8930ba6b9d3cc3a03431427f576899aa9abc6531b6aa354c4d9d1f73d6ac45c646ad93194d63c95b164383f9a1a7ceb7b5d838

  • SSDEEP

    6144:b1dlZro5yPHqhT9SBf3dBbiMEX7YKS8pchNHE77hpcEhCW6nX53e0Vji9PdI:b1dlZo5yPmSl3bKionhl6nXoyePdI

Malware Config

Targets

    • Target

      18f18eaef6414526d2930736bd312a03_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks