General

  • Target

    245dc58653953cf075d7a02fc770f39d_JaffaCakes118

  • Size

    1.2MB

  • Sample

    241008-ycwhassdmh

  • MD5

    245dc58653953cf075d7a02fc770f39d

  • SHA1

    3ae3962b87744676a66fc030b70a1b592f067e9e

  • SHA256

    b04e5bc637d01985fcd9f1e54408eca9cfe24a255ed23d678e2865c8ca712ca0

  • SHA512

    00cc01d4d04304f9bc183e0977092bdeb628977a4f892d6984a8c1218a2e9913b2a1a06d81a47632d613e7822bb87be5f71fac484cdd23d399af62350bab4179

  • SSDEEP

    24576:5zwTT6QuW9TYkTsEBtVh17TCiOYzrFPzDFGPW2Z7Bd7zTVYYCLmiUU:5z+TsW5XTH5dTCgZlgdn
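
The digests above are the sample's indicators. Added example, not part of the sandbox report: a Python script that computes MD5, SHA-1, SHA-256 and SHA-512 in a single pass over a file and compares them, case-insensitively, with the values listed on this page. The digest values are copied from the page; the command-line argument and the 1 MiB chunk size are assumptions of the example. SSDEEP is not computed because it needs a third-party library.

```python
import hashlib
import sys
from typing import Dict, Iterable

# Digests reported for the sample on this page.
REPORTED: Dict[str, str] = {
    "md5": "245dc58653953cf075d7a02fc770f39d",
    "sha1": "3ae3962b87744676a66fc030b70a1b592f067e9e",
    "sha256": "b04e5bc637d01985fcd9f1e54408eca9cfe24a255ed23d678e2865c8ca712ca0",
    "sha512": (
        "00cc01d4d04304f9bc183e0977092bdeb628977a4f892d6984a8c1218a2e9913"
        "b2a1a06d81a47632d613e7822bb87be5f71fac484cdd23d399af62350bab4179"
    ),
}


def multi_digest(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers so the file is read only once."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def read_chunks(path: str, chunk_size: int = 1 << 20) -> Iterable[bytes]:
    """Stream a file in fixed-size chunks (chunk size is an assumption of the example)."""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                return
            yield chunk


def compare(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match result. Comparison is case-insensitive, and an algorithm
    missing from `actual` is reported as a mismatch rather than silently skipped."""
    return {name: actual.get(name, "").lower() == want.lower() for name, want in expected.items()}


def main(argv):
    if len(argv) != 2:
        print(f"usage: {argv[0]} <file>")
        return 2
    digests = multi_digest(read_chunks(argv[1]))
    results = compare(digests, REPORTED)
    for name, ok in results.items():
        print(f"{name:7s} {digests[name]}  {'match' if ok else 'MISMATCH'}")
    return 0 if all(results.values()) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python check_iocs.py <sample>`; a non-zero exit means at least one digest disagrees with the report, which is the signal to stop and work out whether the file was modified in transit or is simply a different sample.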

Targets

    • Target

      245dc58653953cf075d7a02fc770f39d_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory
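
Several of the behaviours above (executes a dropped EXE, loads a dropped DLL, adds a Run key, drops a file in System32) leave traces on a real endpoint as well as in the sandbox. Added example, not part of the report: a Python correlation pass over constructed Sysmon-style events (EventID 11 FileCreate, 1 ProcessCreate, 7 ImageLoad, 13 RegistryEvent SetValue, using Sysmon's field names) that flags each of those behaviours. Every path, process name, SID and value name in EVENTS is made up for the example. The two read-only checks in the report (country code lookup, Uninstall key enumeration) generate no Sysmon events and are therefore not covered here.

```python
from typing import Dict, List

# Path fragment shared by the Run, RunOnce and RunServices autostart keys; matched
# case-insensitively in any hive so HKCU and HKU\<SID> are both caught.
RUN_KEY_FRAGMENT = "\\software\\microsoft\\windows\\currentversion\\run"
SYSTEM32 = "c:\\windows\\system32\\"
WINDOWS_DIR = "c:\\windows\\"

# Constructed events for the example. Field names follow Sysmon's schema; every path,
# process name, SID and value name below is invented and is not taken from the report.
EVENTS: List[Dict] = [
    {"EventID": 11, "Image": r"C:\Users\alice\Downloads\invoice.exe",
     "TargetFilename": r"C:\Users\alice\AppData\Local\Temp\svchost.exe"},
    {"EventID": 1, "Image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
     "ParentImage": r"C:\Users\alice\Downloads\invoice.exe"},
    {"EventID": 13, "Image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
     "TargetObject": r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                     r"\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Users\alice\AppData\Local\Temp\svchost.exe"},
    {"EventID": 11, "Image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
     "TargetFilename": r"C:\Windows\System32\klhook.dll"},
    {"EventID": 7, "Image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe",
     "ImageLoaded": r"C:\Windows\System32\klhook.dll"},
    # Benign noise that must not fire: an ordinary process start, and a system binary
    # writing under System32 (only non-Windows writers are suspicious for this rule).
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": r"C:\Windows\System32\svchost.exe",
     "TargetFilename": r"C:\Windows\System32\config\systemprofile\AppData\Local\x.log"},
]


def detect(events: List[Dict]) -> List[Dict]:
    """Single forward pass: remember which process created which file, then flag later
    events that execute or load one of those files, plus Run-key and System32 writes."""
    alerts: List[Dict] = []
    created_by: Dict[str, str] = {}  # normalised file path -> image that created it
    for e in events:
        eid, image = e["EventID"], e["Image"]
        if eid == 11:
            target = e["TargetFilename"]
            created_by[target.lower()] = image
            if target.lower().startswith(SYSTEM32) and not image.lower().startswith(WINDOWS_DIR):
                alerts.append({"rule": "drops_file_in_system32", "image": image, "file": target})
        elif eid == 1:
            dropper = created_by.get(image.lower())
            if dropper:
                alerts.append({"rule": "executes_dropped_exe", "dropper": dropper, "image": image})
        elif eid == 7:
            loaded = e["ImageLoaded"]
            dropper = created_by.get(loaded.lower())
            if dropper:
                alerts.append({"rule": "loads_dropped_dll", "dropper": dropper, "image": image, "dll": loaded})
        elif eid == 13:
            key = e["TargetObject"]
            if RUN_KEY_FRAGMENT in key.lower():
                alerts.append({"rule": "adds_run_key", "image": image, "key": key, "value": e.get("Details")})
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The correlation state is only the map from created file to creating process, so the pass runs in one sweep over an event stream and needs no per-host baseline; on real telemetry the `drops_file_in_system32` rule would additionally want an allow-list for installers and patch tooling that legitimately write there from outside `C:\Windows`.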

MITRE ATT&CK Enterprise v15
