General

  • Target

    70cd338e49baff8e2b3caac096d98f47_JaffaCakes118

  • Size

    503KB

  • Sample

    241023-zt66sszaqf

  • MD5

    70cd338e49baff8e2b3caac096d98f47

  • SHA1

    3ae94ab1c833ce38c10728bdd90734e28f7ab06b

  • SHA256

    e5f370f790277e449c28a348d0bedd994b851af050c450b76ee3c1b78a63a4ac

  • SHA512

    5c64f48a5798ad4e70f0819b1fd7b9c3cd099d32763fded269abf0f20a427bbdc013966172d062036041a8d5645d171b43b70e2e3188a921648608786cc59f4a

  • SSDEEP

    12288:/ZB/FSf6NxmGjP+vqyWslUxwC3iyMMrFbP1:L0AmGP+vqyWwUxwOipMrd9

Malware Config

Targets

    • Target

      70cd338e49baff8e2b3caac096d98f47_JaffaCakes118

    • Ardamax

      A commercially sold keylogger that attackers have repackaged for years; the sandbox's family tag dates its first sighting to 2013. It records keystrokes (and, depending on configuration, screenshots and clipboard contents) and delivers its logs over email or FTP.

    • Ardamax main executable

    • Checks computer location settings

      Reads the country code configured in the registry (commonly the Nation value under HKCU\Control Panel\International\Geo), most likely as a geofence so the sample only runs, or refuses to run, in particular regions.

    • Executes dropped EXE

      Starts an executable that the sample itself wrote to disk during the run.

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk during the run.

    • Adds Run key to start application

      Writes a value under the CurrentVersion\Run key so the keylogger is relaunched at logon.

    • Checks installed software on the system

      Enumerates the entries under the CurrentVersion\Uninstall registry key to list the software installed on the host.
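The signatures above are behaviour rules evaluated over the sandbox's event trace. The following is an added example, not the sandbox's own rule code, that re-implements those five rules over a constructed Sysmon-like event stream so the logic behind each line can be checked. The event records, PIDs and file names are invented; the Geo\Nation registry path used for the location check is an assumption, since the report only says the sample looks up the configured country code.

```python
"""Re-implementation of the report's behaviour signatures over a constructed
event stream (added example; not the sandbox's own rule code)."""
import re
from typing import Iterable, List, Set

# Registry locations each rule keys on, matched case-insensitively against
# "key\value". The Geo\Nation path is an assumption: the report only says the
# sample "looks up the country code configured in the registry".
GEO_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
RUN_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\[^\\]+$", re.I)
UNINSTALL_RE = re.compile(r"\\CurrentVersion\\Uninstall(\\|$)", re.I)

# Constructed events mimicking a sandbox trace of this run; paths, PIDs and
# dropped-file names are invented for illustration.
SAMPLE_EVENTS = [
    {"type": "process_create", "pid": 1001, "ppid": 800,
     "image": r"C:\Users\Admin\Downloads\70cd338e49baff8e2b3caac096d98f47_JaffaCakes118.exe"},
    {"type": "registry_query", "pid": 1001,
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "file_write", "pid": 1001, "path": r"C:\Users\Admin\AppData\Roaming\Install\BSWA.exe"},
    {"type": "file_write", "pid": 1001, "path": r"C:\Users\Admin\AppData\Roaming\Install\BSWA.dll"},
    {"type": "process_create", "pid": 1020, "ppid": 1001,
     "image": r"C:\Users\Admin\AppData\Roaming\Install\BSWA.exe"},
    {"type": "image_load", "pid": 1020, "path": r"C:\Users\Admin\AppData\Roaming\Install\BSWA.dll"},
    {"type": "registry_set", "pid": 1020,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "BSWA",
     "data": r"C:\Users\Admin\AppData\Roaming\Install\BSWA.exe"},
    {"type": "registry_enum", "pid": 1020,
     "key": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"},
    # An unrelated process touching the Run key: must not be attributed to the sample.
    {"type": "registry_set", "pid": 4242,
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run", "value": "OneDrive",
     "data": r"C:\Program Files\OneDrive\OneDrive.exe"},
]


def _reg_path(ev: dict) -> str:
    """Join key and value name the way the rules expect to see them."""
    return ev["key"] + ("\\" + ev["value"] if ev.get("value") else "")


def evaluate(events: Iterable[dict], root_pid: int) -> List[str]:
    """Return the signature names fired by the sample's process tree, in the order
    they first trigger. Events from processes outside the tree are ignored, and
    "dropped" means written by a process in the tree earlier in the trace."""
    tree: Set[int] = {root_pid}
    dropped: Set[str] = set()
    hits: List[str] = []

    def hit(name: str) -> None:
        if name not in hits:
            hits.append(name)

    for ev in events:
        kind = ev["type"]
        if kind == "process_create":
            if ev["pid"] == root_pid or ev["ppid"] in tree:
                tree.add(ev["pid"])
                if ev["image"].lower() in dropped:
                    hit("Executes dropped EXE")
            continue
        if ev["pid"] not in tree:
            continue
        if kind == "file_write":
            dropped.add(ev["path"].lower())
        elif kind == "image_load":
            path = ev["path"].lower()
            if path in dropped and path.endswith(".dll"):
                hit("Loads dropped DLL")
        elif kind == "registry_query" and GEO_RE.search(_reg_path(ev)):
            hit("Checks computer location settings")
        elif kind == "registry_set" and RUN_RE.search(_reg_path(ev)):
            hit("Adds Run key to start application")
        elif kind in ("registry_query", "registry_enum") and UNINSTALL_RE.search(_reg_path(ev)):
            hit("Checks installed software on the system")
    return hits


if __name__ == "__main__":
    for name in evaluate(SAMPLE_EVENTS, root_pid=1001):
        print(name)
```

Scoping every rule to the sample's process tree is what keeps the Run-key write by the unrelated process out of the verdict; the "dropped" rules additionally require that the executed or loaded file was written earlier in the same trace, which is what distinguishes a dropper from a program that merely runs something already on disk.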

MITRE ATT&CK Enterprise v15

Tasks