General

  • Target

    510afeb402bc03efe79596d529260b0f_JaffaCakes118

  • Size

    523KB

  • Sample

    241017-g51jaayhjr

  • MD5

    510afeb402bc03efe79596d529260b0f

  • SHA1

    ae9672a0cfc1f0ac3c4dbf699db25970cba7cf22

  • SHA256

    a1de47b16a2c5dfa09db010ea6170b2df248697caa6221298c8a7585e9778d0d

  • SHA512

    7e7b75f88955ed4deec31d5922d2cfcab3151439970b8b4c0884cfa5ec48187ae7025d251d5e179818e573b4a167a491b1c23843004a67b7d49a7ae0f803a69e

  • SSDEEP

    12288:IjRUTV5nXGNwBKSiI6zdylJcoDUYIKoxzeIfxy9oK6yBYFx2q:ZTV5nVBRWzAFDZEzeIfxy9oK6H3

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks