General

  • Target

    282a19de1d4d9125d11624a93259a1ce_JaffaCakes118

  • Size

    479KB

  • Sample

    241009-bfannswglp

  • MD5

    282a19de1d4d9125d11624a93259a1ce

  • SHA1

    47cce56b0b7cd46444f540f7aa39b24f2ae30d24

  • SHA256

    b5eb7da174ca63c037a6451d263c446bfa1ee91924e5dae1ab1730646a795eec

  • SHA512

    05457a20d6f7d740c0fb80894420d3a80de90a3e65f578b0d2d9120fcfbe139949ba554fdd1ea2e0b3db70866bf0de4a94c2fe80d545f3ddf26f83e34ca381f2

  • SSDEEP

    12288:V28zSu2Kmwc8aB1a3xk5KjkxLbVqttODXDwsbopo:JzmR7BsBjjkNUtt6XDHbN

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks