General

  • Target

    4e0f7bb4a9648124da887ec93ca620cd_JaffaCakes118

  • Size

    491KB

  • Sample

    241016-vs2gpsvfrm

  • MD5

    4e0f7bb4a9648124da887ec93ca620cd

  • SHA1

    4e370b3aa1a4aef0eb0d75558e690d8a73e809c1

  • SHA256

    3f2716eb6e609930501a732312c29d32aad258daa39345fbb78a15a49cbce3d9

  • SHA512

    74bbaffaa9c13509060121b45d4dfddff537faee0a79b2eb106110917b5008f36ad7b936439ec16ab47f91689f9110c2fb1577922a5ee6988fbdf6160ee8edd9

  • SSDEEP

    12288:Bpb9tXO1+wyYpjLs39GeCRth4po/oxDJr5g/RA9Mwk:RYyYpjoYT7hoogxD7gZSMwk

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks