General

  • Target

    27c22f4b41642f56efb37490c2e9a2b5_JaffaCakes118

  • Size

    308KB

  • Sample

    241009-atkv5atcrl

  • MD5

    27c22f4b41642f56efb37490c2e9a2b5

  • SHA1

    1099edb77b5ee47b83a50eb23fd0c88e0b95aacd

  • SHA256

    e7d0d55cd52db7b020ebd8409b4aa3a0986e6bf8fa85f4f8f80932e211f82919

  • SHA512

    a6fe76c7e48b82e15992ee81621d17204116c9f2058289daf7d39260b5b84504a843b234a844641288c240dc80d8011b736009c40923638a33c0d9161496c934

  • SSDEEP

    6144:tG62ouiuWc+RNFhDSE7IBKgQagm1cRxDdqKrHFXDl7HgUVkOeEZeFHlm8qbNoS:t0+RRtIBmaPeD/bJB7Vs1pl8

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks