General

  • Target

    459d3ef08cbd13d3f507b70011946ebd_JaffaCakes118

  • Size

    271KB

  • Sample

    241015-d1hacssdjb

  • MD5

    459d3ef08cbd13d3f507b70011946ebd

  • SHA1

    b8d404f943f8e1efcec66484fb741af3c661b977

  • SHA256

    0ab54d015d10e0e797ab062f44f0d4de9e23597d49e29a113ac781647f535ff3

  • SHA512

    749ed9d163a641ce85aaabeabc9b0287a593356fe340e5cda621bff790e9d53670b3137de80b68b39f44b0fbd057417eb182676e0028e71ed566985994209d4d

  • SSDEEP

    6144:+lG6AfdlImElR2k4+3Feywr7IPYOJ8G+dQhRZMcDOSJ8XitXF9NtOZ:+lkiZ32kBVO7oJaUeSJ8St1QZ

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
