General

  • Target

    69b093070990da60720fe060a962dc57_JaffaCakes118

  • Size

    2.6MB

  • Sample

    241022-kd25ksyblq

  • MD5

    69b093070990da60720fe060a962dc57

  • SHA1

    d422dbbcde4cab67e0936dbf628d0506a0160e68

  • SHA256

    af9867a82447da89f505969d598cd932e13b6cd7d816fb85d74b2cd6d42beeb9

  • SHA512

    ab6ef88f558a0847bf93f95ece81890052fbc81dcbac3cc39b440cf43ba13704d5eec1c0251b3f2f780a5ba289a75ae9afd5c3622c3247c9586434e35d24cf57

  • SSDEEP

    49152:wZqad90kec8KqgDeNMwIX0b6nt98X5VC3a51q9SG6QRVeYVeL1:6n90RHNMwIXXtipY3aOMceCeL1

Malware Config

Targets

    • Target

      SRO_CL~1.EXE

    • Size

      498KB

    • MD5

      04892d71d3e228351d87a46455624563

    • SHA1

      d4ce40f736e1e14b7e6f62367950b0fd576ec8cf

    • SHA256

      d3b1d3423f20f40965f3a9be0eb431d042d4d6bb3a48ae80550a4d785ac7cefd

    • SHA512

      f6c069298c78c07cc1f70193035a133c76ec62b29dd29d7dc27c273814b8c376c9ae1eae821a27f744c91050b7474faf5753c65abf020b0a778442a9e78a6d3a

    • SSDEEP

      12288:TdNee6NQzAR9x6X8neXXWv+l0jUcBZopSvxpd6Yi:OiAR9ZeXm2W3BKpSp6X

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

    • Target

      SRO_CL~2.EXE

    • Size

      8.7MB

    • MD5

      74b6f399637e99e1ecc3034768bc7259

    • SHA1

      f9e9f9b5fca4514dd78348cab5683848715b12a2

    • SHA256

      466510b1163467ab97b35789b2ebcd1ca9c04d6b587c12df82584a3c1aa18492

    • SHA512

      4c026da2e4a5c0b387139255bb27bcaf52949bdbc56d8b153eb16972fd4f00424681849ecbd0e3eed32827753e7ca61e7202a163be30beab4f5016f3ff722c14

    • SSDEEP

      98304:58jjoIZ88AC+GrB8mCJmVCi1g5RlgPHDN8u/0CJffq9YKobGed72rpy2sW4c7WMj:Tpo++B8mtVpFh9Jn2VCc7WSxhCLHk

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks