General

  • Target

    51c7e758bba99b92263b2237528ba1f5_JaffaCakes118

  • Size

    4.1MB

  • Sample

    241017-mwmtqatgqg

  • MD5

    51c7e758bba99b92263b2237528ba1f5

  • SHA1

    9fda869428a15283480f653eb654aaa573c265b6

  • SHA256

    d2ee792c56a64a68464d287acea5b60e9602baa3b2ab2dab584f31c19f86b73a

  • SHA512

    0a42a7d2ef7126696c34182375b604d06603027633b7febf3c79e9ce53a757b12925e014f590ee69b562c8e76c27d3d8433e9c00dc3a445842ef919f2a379acb

  • SSDEEP

    98304:BSkFZ2qI0mbL/RwoA5bnNITAU18sv+lC3gOYLgqQd3uDa:BeZ0m//E57mvB3VD1Oa

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
