General

  • Target

    33f40d94abd48572cd3af66912a214a2_JaffaCakes118

  • Size

    576KB

  • Sample

    241011-jnr7pasgpa

  • MD5

    33f40d94abd48572cd3af66912a214a2

  • SHA1

    9e00e5ab748bd09e6869733da6e91e8fa19770a1

  • SHA256

    743e857a643a50c700f561148fc96d437fb2b984dce2bc355920802d307b80dd

  • SHA512

    ef7d73c5fe159c25c035634ee848f11ee0c0153d986d729cd147405676e9131a7761014eacae282be4028f2b7ce611d73a278872391d8ea5c735ac4c3d50d25d

  • SSDEEP

    12288:69HlXOu9mUNE7UTapkzjcUMmU8JzSQIskp4xP/vFJjat4NT/iRBPGCQSnP:Ml+uA6E78zjczmLoQInp0lJOtYizPGFo

Malware Config

Targets

    • Target

      STARBO~1.21

    • Size

      597KB

    • MD5

      869ec2a7bb3df74d133a85505b2b61e4

    • SHA1

      70b6105fc8271dfdca02b294843d4063b771bc4c

    • SHA256

      c5e778dcb831164c406ca2eb08b4a3bf50da668d7d78fb3047e7f0803668fb5d

    • SHA512

      8238d7c40b07994f9fd0bcec76364f7cba35c2c3f3dff13cd6f09c84a4f87c176d174314c1184d2cfd418e40cec6bac6a65495786d2e5bec2cc3dfb0cc37ef08

    • SSDEEP

      12288:lQpnmL7eJR+WPjw9VWF7DuzzCIsDE4xuPvFcjQMc4NT/HRBVGiQS9:+Iqr+kjw98FvMCI8ENVc0McYHzVGlY

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

    • Target

      STARBO~1.EXE

    • Size

      508KB

    • MD5

      40b756d3637d1c053707b1dea7c15f17

    • SHA1

      73cff932c29bc618943dc32fad776db1f30a4cb9

    • SHA256

      a60b019f838ea73393560075d3ce9c5d810db7593b6dc0d52703ec04d4d0ab92

    • SHA512

      8308d29d03f982a6b8787da05a3fbb21206c01fb6db9e31788e03f43575a0edcc38d559ff214436ee37db1f56e93d1f49ba7741679e93f97c11e8d325f08f8b2

    • SSDEEP

      12288:6wN+WPjw9VWF7DuzzCIsDE4xuPvFcjQMc4NT/HRBVGiQS9:j+kjw98FvMCI8ENVc0McYHzVGlY

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks