General

  • Target

    6a2425dcbc25cc2cc5fbfdab046abe43_JaffaCakes118

  • Size

    1.2MB

  • Sample

    241022-m2f85a1fka

  • MD5

    6a2425dcbc25cc2cc5fbfdab046abe43

  • SHA1

    42ed8ab4fc1a20cd8267f9b7558cf5b34f824bbd

  • SHA256

    7bae8da7bce876de9663f8520aa736fd7f4c64965019e3b1d5cef2a0e6bd8df7

  • SHA512

    eeff2921b4b5e4beb831a9fa81e9f6108fa774ee4e7bef0eb84c7bb0fac06c68bb9451b38a265e8fafe97a5bfe84f9814e2c115b0f1d87967a0e738e2351da31

  • SSDEEP

    24576:A0NzTbScp2/w2W63E0Oc/E9C5K0MOuRrEcyogmrzvtdylymbr5Ol/4J:A0pT2hR/Ekc7rENy3ldKymP5O

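Before opening this sample in a disassembler or detonating it, confirm that the file you hold is the one the report describes. The following is an added example (not the sandbox's own code): it parses the hash block in the bullet/blank/value layout used above, computes the four digests in one chunked pass, and reports which ones disagree. The report excerpt is copied from this page; the helper names, the chunk size and the command-line usage are this example's own choices.

```python
"""Triage helper (added example, not the sandbox's code): parse the hash block
of a report in the bullet/blank/value layout shown above and confirm that a
local file really is the sample before analysing it."""
from __future__ import annotations

import hashlib
import io
import sys
from typing import BinaryIO

ALGOS = ("md5", "sha1", "sha256", "sha512")

# Excerpt of the report's General section, embedded so the parser can be run
# offline. The digests are the ones printed on the page.
REPORT_TEXT = """\
  • MD5

    6a2425dcbc25cc2cc5fbfdab046abe43

  • SHA1

    42ed8ab4fc1a20cd8267f9b7558cf5b34f824bbd

  • SHA256

    7bae8da7bce876de9663f8520aa736fd7f4c64965019e3b1d5cef2a0e6bd8df7
"""


def parse_report(text: str) -> dict[str, str]:
    """Return {algorithm: hex digest} for the hash bullets found in `text`.

    Layout: a '• NAME' line, optional blank lines, then the value on its own
    line. Bullets that are not hash algorithms (Target, Size, SSDEEP) are
    skipped, so the whole section can be pasted in unchanged."""
    found: dict[str, str] = {}
    pending: str | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):
            name = line[1:].strip().lower()
            pending = name if name in ALGOS else None
        elif pending is not None:
            found[pending] = line.lower()
            pending = None
    return found


def hash_stream(fp: BinaryIO, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Compute every digest in ALGOS in a single chunked pass over `fp`, so a
    multi-megabyte sample is never held in memory whole."""
    digests = {name: hashlib.new(name) for name in ALGOS}
    while chunk := fp.read(chunk_size):
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data: bytes) -> dict[str, str]:
    return hash_stream(io.BytesIO(data))


def hash_file(path: str) -> dict[str, str]:
    with open(path, "rb") as fp:
        return hash_stream(fp)


def verify(observed: dict[str, str], expected: dict[str, str]) -> list[str]:
    """Return the algorithms in `expected` whose digest differs from `observed`.

    Comparison is case-insensitive and ignores surrounding whitespace, since
    hashes are copied from pages and tickets with either casing. Algorithms
    missing from `expected` are not checked, so a report that lists only a
    SHA256 still verifies. An empty list means the file matches."""
    bad = []
    for name, want in expected.items():
        got = observed.get(name, "")
        if got.lower() != want.strip().lower():
            bad.append(name)
    return bad


if __name__ == "__main__":
    # usage: python verify_sample.py <path-to-file>
    mismatches = verify(hash_file(sys.argv[1]), parse_report(REPORT_TEXT))
    print("match" if not mismatches else "MISMATCH on: " + ", ".join(mismatches))
    sys.exit(1 if mismatches else 0)
```

A single mismatching digest is enough to stop: a file that matches on MD5 but not on SHA256 is not "mostly the sample", it is a different file (or a deliberate collision), and the whole point of checking the stronger hashes alongside MD5 is to catch exactly that.
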
Malware Config

Targets

    • Target

      6a2425dcbc25cc2cc5fbfdab046abe43_JaffaCakes118

    • Ardamax

      A commercial keylogger, first seen in 2013, that records keystrokes (and optionally screenshots) and delivers its logs by email, FTP or network share; it is frequently repackaged and dropped by other malware.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry (the user's GeoID under Control Panel\International\Geo), most likely a geofence check so the sample stays dormant in certain countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      Writes a value under the registry Run key so the dropped executable starts again at each logon (persistence).

    • Drops file in System32 directory

      Writes a dropped file into the Windows System32 directory, where it blends in with system binaries; writing there normally requires administrative rights.

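The signatures above are individually weak (Windows components also write to System32 and create Run entries); what makes them convincing is the combination and the ordering: a geo lookup, files dropped into System32 by a process outside the Windows directory, a Run value pointing at one of those files, and then that file being executed and loading the dropped DLL. The following is an added example, not the sandbox's own signature code: it runs that rule logic over a constructed, sandbox-style event trace, correlating drops with later executions so that "executes dropped EXE" and "loads dropped DLL" fire only for files the trace itself created. The event schema, file names and paths are made up for the example; the registry locations (Control Panel\International\Geo\Nation for the GeoID, CurrentVersion\Run for persistence) are the standard Windows ones.

```python
"""Rule logic for the behaviours listed above (added example, not the sandbox's
own signatures), run over a constructed trace of sandbox-style events."""
from __future__ import annotations

RUN_KEY_SUFFIXES = ("\\currentversion\\run", "\\currentversion\\runonce")
GEO_KEY_SUFFIX = "\\control panel\\international\\geo"   # HKCU key holding the GeoID ("Nation")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
WINDOWS_DIR = "c:\\windows\\"

# Constructed trace (file names are made up). Each event names the process that
# produced it so drops can be correlated with later executions and loads.
SAMPLE = "C:\\Users\\user\\Desktop\\sample.exe"
DROPPED_EXE = "C:\\Windows\\System32\\28463\\helper.exe"
DROPPED_DLL = "C:\\Windows\\System32\\28463\\helper.dll"
SAMPLE_TRACE = [
    {"type": "reg_query", "proc": SAMPLE,
     "key": "HKCU\\Control Panel\\International\\Geo", "value": "Nation"},
    {"type": "file_create", "proc": SAMPLE, "path": DROPPED_EXE},
    {"type": "file_create", "proc": SAMPLE, "path": DROPPED_DLL},
    {"type": "reg_set", "proc": SAMPLE,
     "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run",
     "value": "helper", "data": DROPPED_EXE},
    {"type": "process_create", "proc": SAMPLE, "image": DROPPED_EXE},
    {"type": "image_load", "proc": DROPPED_EXE, "image": DROPPED_DLL},
]

# Constructed benign trace for comparison: a Windows component writing into
# System32, and a process start / DLL load of files nobody in the trace dropped.
BENIGN_TRACE = [
    {"type": "file_create", "proc": "C:\\Windows\\servicing\\TrustedInstaller.exe",
     "path": "C:\\Windows\\System32\\drivers\\etc\\hosts"},
    {"type": "process_create", "proc": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\notepad.exe"},
    {"type": "image_load", "proc": "C:\\Windows\\System32\\notepad.exe",
     "image": "C:\\Windows\\System32\\kernel32.dll"},
]


def analyse(trace: list[dict]) -> list[tuple[str, str]]:
    """Return (rule, detail) pairs in trace order.

    Paths and keys are compared case-insensitively because NTFS and the
    registry are. Every created file is remembered so that a later
    process_create or image_load of that exact path can be tied back to it."""
    findings: list[tuple[str, str]] = []
    dropped: set[str] = set()
    for ev in trace:
        kind = ev["type"]
        if kind == "file_create":
            path = ev["path"].lower()
            dropped.add(path)
            # A write into System32 by anything that is not itself a Windows binary.
            if path.startswith(SYSTEM_DIRS) and not ev["proc"].lower().startswith(WINDOWS_DIR):
                findings.append(("drops_file_in_system32", ev["path"]))
        elif kind == "reg_set" and ev["key"].lower().endswith(RUN_KEY_SUFFIXES):
            findings.append(("adds_run_key", f"{ev['key']}\\{ev['value']} -> {ev['data']}"))
        elif (kind == "reg_query" and ev["key"].lower().endswith(GEO_KEY_SUFFIX)
              and ev["value"].lower() == "nation"):
            findings.append(("checks_computer_location", ev["key"] + "\\" + ev["value"]))
        elif kind == "process_create" and ev["image"].lower() in dropped:
            findings.append(("executes_dropped_exe", ev["image"]))
        elif (kind == "image_load" and ev["image"].lower() in dropped
              and ev["image"].lower().endswith(".dll")):
            findings.append(("loads_dropped_dll", ev["image"]))
    return findings


def triggered_rules(trace: list[dict]) -> set[str]:
    """The distinct rule names that fire for a trace."""
    return {rule for rule, _ in analyse(trace)}


if __name__ == "__main__":
    for rule, detail in analyse(SAMPLE_TRACE):
        print(f"{rule:26} {detail}")
    print("benign trace:", triggered_rules(BENIGN_TRACE) or "no findings")
```

The System32 rule deliberately keys on the writing process rather than on the path alone; without that exclusion every servicing operation on the host would trip it. The Run-key rule matches both Run and RunOnce, and the correlation set means a process start of an already-present system binary is never mistaken for execution of a drop.

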
MITRE ATT&CK Enterprise v15

Tasks