General

  • Target

    48bf7b74c394e8fe3defa968f2a79101_JaffaCakes118

  • Size

    3.9MB

  • Sample

    241015-tk3jcsxgpm

  • MD5

    48bf7b74c394e8fe3defa968f2a79101

  • SHA1

    882690453266998fbb3422bad49a4963de99bc1b

  • SHA256

    e9fcaa8f7becfa05cba3449a8b71bbe11f7b12d1188e8ef63c0a60cc2cddd8f1

  • SHA512

    25c05c168e9893bbc25a4ff3508c83206dac64c419fb06ad0bb22a05da30f723ed9160d2a097c83dab3564fbb9f3f969a8958797e26f56349e3680ab6c8c4fcb

  • SSDEEP

    98304:UTLPcAEERmZnWgRLBsHUh0y6ASJGxOQP4t:ULPp72Wc2HUn6VJGxDAt

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
