ardamax | 1e4a463ac0d463cee1f52f9529474484157c85d671aea1ab5f4173df12de01b6 | Triage

Sharing

General

Target

339ae4ce820cda75bbb363b2ed1c06fd_JaffaCakes118
Size

473KB
Sample

241011-gyxttavajk
MD5

339ae4ce820cda75bbb363b2ed1c06fd
SHA1

62399c6102cc98ed66cbcd88a63ff870cf7b2100
SHA256

1e4a463ac0d463cee1f52f9529474484157c85d671aea1ab5f4173df12de01b6
SHA512

5da8b333a839c4b169c6f4c9a1929918f166a895af7818c8223df7ed22279aac3b6ef88f89ee083a4f475f82ec6078f8e9800a9afc9547712245d090636a284a
SSDEEP

6144:mMuyXQ7QiWuEKOc+/6DbhheNkOj5198kp20w1/CV2ZNYxElAb:3bQ7QiWN6D/Od19E0LLb

Score

10^/10

ardamax discovery persistence

Malware Config

Targets

- Target
  
  339ae4ce820cda75bbb363b2ed1c06fd_JaffaCakes118
- Size
  
  473KB
- MD5
  
  339ae4ce820cda75bbb363b2ed1c06fd
- SHA1
  
  62399c6102cc98ed66cbcd88a63ff870cf7b2100
- SHA256
  
  1e4a463ac0d463cee1f52f9529474484157c85d671aea1ab5f4173df12de01b6
- SHA512
  
  5da8b333a839c4b169c6f4c9a1929918f166a895af7818c8223df7ed22279aac3b6ef88f89ee083a4f475f82ec6078f8e9800a9afc9547712245d090636a284a
- SSDEEP
  
  6144:mMuyXQ7QiWuEKOc+/6DbhheNkOj5198kp20w1/CV2ZNYxElAb:3bQ7QiWN6D/Od19E0LLb
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence