General

  • Target

    2d74617819b957e1c4fe75e6f8528f8f_JaffaCakes118

  • Size

    501KB

  • Sample

    241009-jlztravhmp

  • MD5

    2d74617819b957e1c4fe75e6f8528f8f

  • SHA1

    0234d2da132e33ebffd7fefe2b22241a1ba8066b

  • SHA256

    a4b0f3749c7dbb42c9c7da13eb17304d8377b6b9b7e280441740c7a35e71499f

  • SHA512

    ade23b7e0eeb88197be8e0a9d354a1f6b3fdd6d7c6b66cdce7f78b7ed8f1446694a56d6eb768a7255b567f7f509553c62c49698d810bb82684a36047f9f3f514

  • SSDEEP

    12288:9G2H3+5ac6BH9mUfwjuBA9iC/O9ocmwU9BfrkiR:rHO5aR9mU+uA9Z2ecmwU9BftR

Targets

    • Target

      2d74617819b957e1c4fe75e6f8528f8f_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory