General

  • Target

    1bece6944736f83e47c2c073d886060d_JaffaCakes118

  • Size

    1.7MB

  • Sample

    241007-gzfxpatgnb

  • MD5

    1bece6944736f83e47c2c073d886060d

  • SHA1

    ebaf009a7f43710bc2ccf74879a2f43ecebc1ae3

  • SHA256

    af0327730169a6f2fd27fdb41dacf53e2c9a3a489715483b7241c1c9cde7d708

  • SHA512

    878f49f6bf3101c94c31384166e9c273dc909d3f0ea0ec02723089969d896cf96b6e4ac2bc7255ffbdce5699ca70846405b23edbca8d498bb3d924220f1c0ea3

  • SSDEEP

    49152:dULT1uRLs2umRNbS8z4ccNA7XB+QADujUtmfLFkusVr+VO99qrx4:dCsvbS8z4cvTXQujUt5t+U9g

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
