General

  • Target

    212f470ff29e79332f622b7417b6795b_JaffaCakes118

  • Size

    273KB

  • Sample

    241008-m48fdszcrg

  • MD5

    212f470ff29e79332f622b7417b6795b

  • SHA1

    db26c7ffe58d29725f00abe8f4b2e464b1a875d1

  • SHA256

    e4764c8c8cfb26192cb174f1d9405fb27981f171fca54dc358b3f1aca8578ad3

  • SHA512

    914bb8b77888852faa2c96f9a24ae9d2c178e502e1210f9e87a3330fcc2bf58b1a4548fe70db002d69b97e5ec936c8566f09e3956e9184e1a6e900caccc2a9cd

  • SSDEEP

    6144:4rQ6NkJpBTqVKrjNNwR9h0DRINA9jxJ1ba/SqDUvayw/:4rQZJpE+Aw71QDUC5

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks