General

  • Target

    79af1431180a5177b4afa7152fb8d9cd_JaffaCakes118

  • Size

    500KB

  • Sample

    241028-pxjvkaxkek

  • MD5

    79af1431180a5177b4afa7152fb8d9cd

  • SHA1

    81485f2a889b1e82688db64addd2b9c8fba0e417

  • SHA256

    d6fa5bee9b5eb91f0c0fb3ad8fbe2e1d9c1f44d7715ab78fca677103b1466c08

  • SHA512

    e7fb74be328d9dc90b82dd7a3876b8ff80ba2a3c1cccd645b0b3ba0dc48f6180f5d24431e2384b90a64870b0eab6f55777a5a12b9e2b7490a930927e58dff70e

  • SSDEEP

    12288:c54WYMtoqTsTSE9H3B2QJjHZ5JGP+CScVpqkhObCRHDRALnhc7:4+Mt5w2E9H3ECHZ5JGP+CSca3SHVie7

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks