General

  • Target

    231a25309c53fc071ba5991004a2b777_JaffaCakes118

  • Size

    2.5MB

  • Sample

    241008-wlymxasfmf

  • MD5

    231a25309c53fc071ba5991004a2b777

  • SHA1

    4f9ba9c550071aec3bf2f443ebd964e0ea015569

  • SHA256

    0905fb0fb07c0acddc290e20cdb28723c66520709caad763d9621b5e0101a118

  • SHA512

    094392cc82295f31d71e5f32e46cf4b47d39e8192177dcab8a9a9ebecc22851fa55e26982390e2ff645c171c137c6b2e6388c930715af064c643f1757022c9cb

  • SSDEEP

    49152:XFKUD1kgnEQ6hmZMeIy4/IoYO16SEXwikY/HDCPrkopv9sjanRTKphHttVxQCHmH:XFzGmZMUV9O16SCkzTkop0anRT45VHmH

Targets

    • Target

      MasturbacaoFeminina2.exe

    • Size

      3.2MB

    • MD5

      0ac08d19b395d553f50168235f7c7ed0

    • SHA1

      1a9b02b39fe52066db32e233b541f2b0db68cb23

    • SHA256

      4aa09fa0529beb0d2096a1aa86cf4111cfff56b479a4048e8dcd13b937c7c0c7

    • SHA512

      9a65bad63e1da4a8d6c2567eb71733b318cb68f0eebbe6a1ef3eb0cbbea50b63a1649a80d6e5253de17964a3e3a7150dca5faef01c171bd95aacb5f4a26b7d9a

    • SSDEEP

      98304:R57Up17aZGruoEinbe6xKpCxlronCUsvm:DweWuoDDKgxpoU

    • Ardamax

      A keylogger first seen in 2013.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application
