General

  • Target

    453f68c9d9a808022fce0ddaa0ce3612_JaffaCakes118

  • Size

    564KB

  • Sample

    241015-cbzmnssbnn

  • MD5

    453f68c9d9a808022fce0ddaa0ce3612

  • SHA1

    e2b987661704fdf7f902b385a3b24c6ab4f6296a

  • SHA256

    e1119169e982255f08a1184a8da59b4eb10232131a3ae773df77f2f7ac404c00

  • SHA512

    f6f447ffa4e288a8ba99389147603364b0edf6c8d59f9f05d5087c13b3e51cb8d64b9cf47c879704900f1dd9caa49bc48e6616150a68fbcb515b8c82b9642722

  • SSDEEP

    12288:1hq/CZhbmlqkJFNlV+40GcNtobu1xZZw3fvSVN4OMwUD5y7wc9xd/twNC:HRZhbmlqkJFNv+HGXbu1Gvv6N3Gowc9p

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15