General

  • Target

    31d64092e6f828ff51c35430b720089a_JaffaCakes118

  • Size

    1.5MB

  • Sample

    241010-zytq9sscjp

  • MD5

    31d64092e6f828ff51c35430b720089a

  • SHA1

    01ee6e91ac70c18ec5f3cfbb2f01313a9ea9fd0d

  • SHA256

    8fa8f3edd9507da214ad4ea3dc324c173a6c9f7b0ad18040955091f38fbc9934

  • SHA512

    68df0fec7b162f63280ab42037f0bf564dfb4f2bb198567e89e316113fb72427b261cd8af4f629ea210cb81feff6cff10f588b24b0e02a276730fbfe362f1b25

  • SSDEEP

    49152:vsJBEY2cJcQH7WPqUW8SxI0m6K4P8GgFRbvg8hA:vsJBE+JX0qiSxI76jPmFBbhA

Malware Config

Targets

    • Target

      Ardamax_Keylogger/ardamax.keylogger.4.0.1-patch.exe

    • Size

      65KB

    • MD5

      983c399ee7666ed813e71de38bf93503

    • SHA1

      b03932d60a35ae9e34420688c747bb1179f67ecd

    • SHA256

      095ecd089ef17cab0c6194b3485994e99feeca15813258d1716c709b31911d0b

    • SHA512

      51b6157f159b7e5791953f5acd3de7abbc3b9ffea4c9a31c667fcf252b1821c789249a4934145ee25d8ef04a63e45de650f6ff3eb218251c880af83dfa6b0ac4

    • SSDEEP

      1536:3m1htAC0rCfr2jFeV7NNpYSmfYjSukons6m9eU:36AC8CyjAN/YSko2o

    • Target

      Ardamax_Keylogger/install_akl.exe

    • Size

      1.5MB

    • MD5

      a3dc14d015725f199bccbecf8bd73501

    • SHA1

      41bab91889fe2455eed3626e3aa7a4e8c5cfa33b

    • SHA256

      90827393d6025ff1d85877ac5bc662b524bcff7a700fd55d4da606fbb349b944

    • SHA512

      5871b7490cf8a2db15c7b55766289d2df6081e4353e604e8dad9abac7f7eacff83344c7da25fd1e345f1e826f036f999b06279c286d97275d1c0c2b80ad8d805

    • SSDEEP

      24576:sX+kKRjb2XRA9jSrfGlDnYtbGVKGhFRVAP1ZUw6kOS5dG4GKuQ0:4pKRH2oSrfIDn4yVKGbRu9ZU5kOS5cFz

    Score
    7/10
    • Loads dropped DLL

    • Target

      $PLUGINSDIR/AccessControl.dll

    • Size

      8KB

    • MD5

      9f1a88b953fd2a2c23b09703b253186c

    • SHA1

      29d5a5a24e7f782a07e9f5d2ec1d1a6218fec737

    • SHA256

      8a8f5bafc105186c85f14e017ab6da33ae8f88a9635e51756f90b6d95381d80d

    • SHA512

      10b3a812c92b7324bddcd23adf923fcaec2532f31bdd9fbf17494fc33f99aa0a0a48b94f1fdd6599fa0189567626a90b324a1d132bf9cb8b00a6afc547e64018

    • SSDEEP

      192:RmcLe8uWVNz5ZalBK/7rUlYg5q5LcywvX5:RJdNzMKXUlYg5qPq5

    Score
    5/10
    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX build (renamed sections, stripped marker).

    • Target

      $PLUGINSDIR/DcryptDll.dll

    • Size

      14KB

    • MD5

      904beebec2790ee2ca0c90fc448ac7e0

    • SHA1

      40fabf1eb0a3b7168351c4514c5288216cb1566d

    • SHA256

      f730d9385bf72eac5d579bcf1f7e4330f1d239ca1054d4ead48e9e363d9f4222

    • SHA512

      8bdbbaaf73e396cf9fd9866b3e824b7e70c59a2bdefdb3236387e60d0e645d011265fe79fb193f6c0d6abe2e9c01260720c71cd8f068fcc4624760511c54efaa

    • SSDEEP

      192:apY9VuCnNCbs8dNyHdrvr5T1KEtx/9ehuhiDTUkSv/DxRyeHk51I7n13Xm:aptMNUjyVvGWxauhiDDS3DnyK7nF

    Score
    3/10
    • Target

      $PLUGINSDIR/System.dll

    • Size

      11KB

    • MD5

      c17103ae9072a06da581dec998343fc1

    • SHA1

      b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

    • SHA256

      dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

    • SHA512

      d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

    • SSDEEP

      192:7DKnJZCv6VmbJQC+tFiUdK7ckD4gRXKQx+LQ2CSF:7ViJrtFRdbmXK8+PCw

    Score
    3/10
    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      13KB

    • MD5

      431e5b960aa15af5d153bae6ba6b7e87

    • SHA1

      e090c90be02e0bafe5f3d884c0525d8f87b3db40

    • SHA256

      a6d956f28c32e8aa2ab2df13ef52637e23113fab41225031e7a3d47390a6cf13

    • SHA512

      f1526c7e4d0fce8ab378e43e89aafb1d7e9d57ef5324501e804091e99331dd2544912181d6d4a07d30416fe17c892867c593aee623834935e11c7bb385c6a0a8

    • SSDEEP

      192:vIARvmFvcukSWn8EAKVZ8148Dj33RZgqWVWYuOUEjRuFzEun0J:v2mukSe8EA88pRZAVWYuO3cFznny

    Score
    3/10
    • Target

      $PLUGINSDIR/nsDialogs.dll

    • Size

      9KB

    • MD5

      c10e04dd4ad4277d5adc951bb331c777

    • SHA1

      b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

    • SHA256

      e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

    • SHA512

      853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

    • SSDEEP

      96:hBABCcnl5TKhkfLxSslykcxM2DjDf3GE+Xv8Xav+Yx4VndY7ndS27gA:h6n+0SAfRE+/8ZYxMdqn420

    Score
    3/10
    • Target

      $PLUGINSDIR/nsExec.dll

    • Size

      6KB

    • MD5

      acc2b699edfea5bf5aae45aba3a41e96

    • SHA1

      d2accf4d494e43ceb2cff69abe4dd17147d29cc2

    • SHA256

      168a974eaa3f588d759db3f47c1a9fdc3494ba1fa1a73a84e5e3b2a4d58abd7e

    • SHA512

      e29ea10ada98c71a18273b04f44f385b120d4e8473e441ce5748cfa44a23648814f2656f429b85440157988c88de776c6ac008dc38bf09cbb746c230a46c69fe

    • SSDEEP

      96:M7GUb+YNfwgcr8zyKwZ5S4JxN8BS0ef9/3VI9d0qqyVgNk32E:eKgfwgcr8zylsB49Ud0qJVgNX

    Score
    3/10
    • Target

      Uninstall.exe

    • Size

      51KB

    • MD5

      3c88339bf3073a576c06b73877a5022f

    • SHA1

      05d3626d513bae59c6c0a990d6c7f4d9896ed33a

    • SHA256

      7b08feffe9893a2e2cd34e1521a9b719ca0e6b5e4e39e081cd48cf4aa77a9dcc

    • SHA512

      c3741588cb0e5721c648eab7fda5d493d7c14428d6dd18162deaedf321277ddc06aae2d4aff1941fdcd8174a50532bc147e0fa02a57e47009ff34c4f254b0a63

    • SSDEEP

      1536:wLXB65939tY6HBg4sXJJle7BCGl1VhzDRE9U+idV2:wLk395hYXJ7WBXTve9WD2

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      $PLUGINSDIR/UAC.dll

    • Size

      13KB

    • MD5

      431e5b960aa15af5d153bae6ba6b7e87

    • SHA1

      e090c90be02e0bafe5f3d884c0525d8f87b3db40

    • SHA256

      a6d956f28c32e8aa2ab2df13ef52637e23113fab41225031e7a3d47390a6cf13

    • SHA512

      f1526c7e4d0fce8ab378e43e89aafb1d7e9d57ef5324501e804091e99331dd2544912181d6d4a07d30416fe17c892867c593aee623834935e11c7bb385c6a0a8

    • SSDEEP

      192:vIARvmFvcukSWn8EAKVZ8148Dj33RZgqWVWYuOUEjRuFzEun0J:v2mukSe8EA88pRZAVWYuO3cFznny

    Score
    3/10
    • Target

      lzma.exe

    • Size

      63KB

    • MD5

      1c4d758c0954e843d2fa22703f653421

    • SHA1

      d577e6f63cb53f5f68f094b9fbaefe5b0087e933

    • SHA256

      f776415281ed68268577142b60839d0937c112be1ba0fb8470f5a387afc3ba62

    • SHA512

      5b8c02473b8f57d243cac5ae1f5381a9a1dbd55bc976a172f36060b2d0c2ad80d4f956cd38d4ba7434b9b27583e0e753bcdb8b4772c1c54e926b365c90357c3e

    • SSDEEP

      1536:ax7F8DW6pErklzKbDir++/McTJctWOrLRCIbDO+9a:akDWTrMKb2MFQCRCIe+4

    Score
    3/10
    • Target

      使用帮助.url  (Chinese filename; in English: "Usage Help.url")

    • Size

      76B

    • MD5

      b40746c4151258c02d4385384bb2de55

    • SHA1

      e73817507ee98c1fd336fff9a2c81d480f10f864

    • SHA256

      03991da7e8952e1e99fad84d892479d27c74bf5a11434dd1b448ecb70c4d6473

    • SHA512

      c5362d0ac0309c88311a33f91f6652d716edc30d15a45c0900e2052faf916bbab5f26245fb3d1ceec76128b3b8ab8f97f98309bb4337408e685a549464612fd7

    Score
    1/10
    • Target

      访问下载之家.url  (Chinese filename; in English: "Visit Download Home (下载之家).url")

    • Size

      76B

    • MD5

      b40746c4151258c02d4385384bb2de55

    • SHA1

      e73817507ee98c1fd336fff9a2c81d480f10f864

    • SHA256

      03991da7e8952e1e99fad84d892479d27c74bf5a11434dd1b448ecb70c4d6473

    • SHA512

      c5362d0ac0309c88311a33f91f6652d716edc30d15a45c0900e2052faf916bbab5f26245fb3d1ceec76128b3b8ab8f97f98309bb4337408e685a549464612fd7

    Score
    1/10
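
Added example (not part of the report, nor code from the sandbox that produced it): a small Python triage helper that reproduces two things the Targets table above records for each dropped file. It computes the MD5/SHA1/SHA256/SHA512 digests listed per file, and it applies a UPX-packing check of the kind that fired on $PLUGINSDIR/AccessControl.dll, using three signals: the stock UPX0/UPX1/UPX2 section names, the "UPX!" header marker, and the packed layout (an empty section the stub unpacks into, next to a near-8-bit-entropy section holding the compressed image). The PE walk follows the documented layout (IMAGE_DOS_HEADER.e_lfanew, the "PE\0\0" signature, IMAGE_FILE_HEADER, the section table). The function names, the 7.0 bits/byte entropy threshold, and the PE built by build_sample_pe() with a pseudo_random() payload are my assumptions and constructed demo input; none of it is a file from this report.

```python
"""Added triage helper (example code, not from the report): per-file digests as
listed above plus a UPX-packing check.  Walks the standard PE layout:
IMAGE_DOS_HEADER.e_lfanew -> "PE\\0\\0" -> IMAGE_FILE_HEADER -> section table.
build_sample_pe() and pseudo_random() produce constructed demo input only."""
import hashlib
import math
import struct

STOCK_UPX_SECTIONS = {b"UPX0", b"UPX1", b"UPX2"}  # names the stock packer writes
HIGH_ENTROPY = 7.0  # bits/byte (assumed threshold); compressed data sits near 8


def file_hashes(data: bytes) -> dict:
    """Digests in the order the report lists them."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 0.0 for an empty buffer."""
    if not data:
        return 0.0
    n, counts = len(data), [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_sections(data: bytes) -> list:
    """Return [(name, raw_bytes)] for every section header; ValueError if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER, 20 bytes
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    table = coff + 20 + opt_size                         # section table follows it
    sections = []
    for i in range(num_sections):
        hdr = table + 40 * i                             # IMAGE_SECTION_HEADER, 40 bytes
        name = data[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        sections.append((name, data[raw_ptr:raw_ptr + raw_size]))
    return sections


def detect_upx(data: bytes) -> dict:
    """Strong signals: stock section names, the 'UPX!' marker.  Weak signal: an
    empty section (unpack target) beside a near-8-bit-entropy one (compressed
    image); that is what survives a modified UPX, but other packers match too."""
    sections = pe_sections(data)
    strong, weak = [], []
    if any(name in STOCK_UPX_SECTIONS for name, _ in sections):
        strong.append("stock UPX section names")
    if b"UPX!" in data:
        strong.append("'UPX!' marker present")
    entropies = [shannon_entropy(raw) for _, raw in sections]
    if any(len(raw) == 0 for _, raw in sections) and any(e >= HIGH_ENTROPY for e in entropies):
        weak.append("empty section beside high-entropy section")
    verdict = "upx" if strong else ("packed-unknown" if weak else "clean")
    return {"verdict": verdict, "reasons": strong + weak,
            "sections": [name.decode("latin-1") for name, _ in sections],
            "max_entropy": round(max(entropies, default=0.0), 2)}


def pseudo_random(n: int, seed: bytes = b"constructed") -> bytes:
    """Deterministic high-entropy filler standing in for a compressed image."""
    out, counter = bytearray(), 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:n])


def build_sample_pe(sections) -> bytes:
    """Constructed demo input, not a real or runnable binary: a minimal PE whose
    section table carries the given (name, raw_bytes) pairs back to back."""
    num, e_lfanew = len(sections), 0x40
    table = e_lfanew + 4 + 20                # SizeOfOptionalHeader = 0 keeps it tiny
    raw_ptr = table + 40 * num
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, num, 0, 0, 0, 0, 0x0102)
    headers, body = b"", b""
    for i, (name, raw) in enumerate(sections):
        ptr = raw_ptr + len(body) if raw else 0
        headers += name.ljust(8, b"\0") + struct.pack(
            "<IIIIIIHHI", 0x1000, 0x1000 * (i + 1), len(raw), ptr, 0, 0, 0, 0, 0xE0000020)
        body += raw
    return dos + coff + headers + body


if __name__ == "__main__":
    demo = build_sample_pe([(b"UPX0", b""), (b"UPX1", pseudo_random(4096)), (b".rsrc", b"\0" * 64)])
    print(file_hashes(demo)["sha256"])
    print(detect_upx(demo))
```

For a real dropped file, read it with open(path, "rb").read(), compare file_hashes() against the digests in the table, and treat the two verdicts differently: "upx" (stock names or marker) is safe to unpack with upx -d before static analysis, while "packed-unknown" (layout only) needs the packer identified first, and also fires on non-UPX packers and on some legitimately compressed resources.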

MITRE ATT&CK Enterprise v15

Tasks

static1

upx
Score
7/10

behavioral1

ardamax discovery keylogger stealer
Score
10/10

behavioral2

ardamax discovery keylogger stealer
Score
10/10

behavioral3

discovery
Score
7/10

behavioral4

discovery
Score
7/10

behavioral5

discovery upx
Score
5/10

behavioral6

discovery upx
Score
5/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery
Score
3/10

behavioral14

discovery
Score
3/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
7/10

behavioral18

discovery
Score
7/10

behavioral19

discovery
Score
3/10

behavioral20

discovery
Score
3/10

behavioral21

Score
1/10

behavioral22

discovery
Score
3/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10