General

  • Target

    305b6e0dd22b0c5b1195723281aacf0d_JaffaCakes118

  • Size

    488KB

  • Sample

    241010-rwgd6azgkg

  • MD5

    305b6e0dd22b0c5b1195723281aacf0d

  • SHA1

    273fd3f84c71057d26d514d950a0904669430a76

  • SHA256

    ccc24c383576a3bf83b8199b3847b54693d80cb0da775828cc01e437f3a6f3fa

  • SHA512

    262baf1ca3a235e1a5e29f54dfea05350b39dd52c85bfebd9733b5333fcaa3ae712de9afe2140711d91b44bed3d170c3bd53404457487c517474df11dede179b

  • SSDEEP

    12288:Sr/4tOux9XWPFw4+MO24HEa8/8SE96Dk6eShDC/Zp3Pe9:rOYuFw4+Iu6Dk6HObe9

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks