General

  • Target

    738a3a6f83f2620fb8f5a1ff096eb6d5_JaffaCakes118

  • Size

    481KB

  • Sample

    241024-nsmj8azdkm

  • MD5

    738a3a6f83f2620fb8f5a1ff096eb6d5

  • SHA1

    35e696eec23c28578125b247fe27c72f242832e7

  • SHA256

    e806fc96c015b8132101053d84803d9a9e947f5fb0b21b22971b54f4217b9c6d

  • SHA512

    4b76e872998ce2241aa0a6b41fc1b938040d54416c97fae16572766314574722c701ab5e86317b7e55b71c8bc499c0e977ef242e6c181cafc6fe0396a76d3b45

  • SSDEEP

    12288:FQVnmMHNz182PAWnM50AQY24QyUpBLzzpQaiYLshvMh:XMHNzmEM5tQrN/pQru

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
