General

  • Target

    4ef708812af1e63df7275a8789729603_JaffaCakes118

  • Size

    3.5MB

  • Sample

    241016-zn52jswbkn

  • MD5

    4ef708812af1e63df7275a8789729603

  • SHA1

    bcaccfa513f7fbd846d524c6c2234dc0108aa854

  • SHA256

    0a39f47d1752afc54fc62f09161f568624de3525dffd811ee3a793618846771a

  • SHA512

    900e4c7ee079ad9ca7481e2c960c958c11dc6392c112b233322eb846d34a627ff87b12fb16fc1db2531c73edb57f268a89731f72be0b0c404e7a78a43a668988

  • SSDEEP

    98304:L/LLXaagzX7WMT286/LLXaagzX7WMT286/LLXaagzX7WMT28:LHidqFHidqFHidq

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
