ardamax | c580f1437a5bfd8d6bb7ffb7ca6b0e560ec8453c4a6ce356b19429a09c0bd653 | Triage

Sharing

General

Target

237ee27dfb8638589cbb8730bae98e98_JaffaCakes118
Size

540KB
Sample

241008-w65lyssbrn
MD5

237ee27dfb8638589cbb8730bae98e98
SHA1

f862bcc281590f347a5b9659f99b5d54a3f3b7be
SHA256

c580f1437a5bfd8d6bb7ffb7ca6b0e560ec8453c4a6ce356b19429a09c0bd653
SHA512

0537519a30bc704a6029fe6cf1d9c9db2930db94efa13017c91c34d3e3eeb4431f87ee54a01cea4a7e5d6e9e65b547ad510aa60fca7fc6c0993b976c319f2441
SSDEEP

6144:lNOM9kpW7eCoPn8OXPXFli5bL/vlObEtpRxqbXuZDy/qV5N8TtAfM8:laceCoPnD9lO/NBzRSurB

Score

10^/10

ardamax discovery persistence

Malware Config

Targets

- Target
  
  237ee27dfb8638589cbb8730bae98e98_JaffaCakes118
- Size
  
  540KB
- MD5
  
  237ee27dfb8638589cbb8730bae98e98
- SHA1
  
  f862bcc281590f347a5b9659f99b5d54a3f3b7be
- SHA256
  
  c580f1437a5bfd8d6bb7ffb7ca6b0e560ec8453c4a6ce356b19429a09c0bd653
- SHA512
  
  0537519a30bc704a6029fe6cf1d9c9db2930db94efa13017c91c34d3e3eeb4431f87ee54a01cea4a7e5d6e9e65b547ad510aa60fca7fc6c0993b976c319f2441
- SSDEEP
  
  6144:lNOM9kpW7eCoPn8OXPXFli5bL/vlObEtpRxqbXuZDy/qV5N8TtAfM8:laceCoPnD9lO/NBzRSurB
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence