Overview

overview

10

Static

static

3

7b3b6d0f46...18.exe

windows7-x64

10

7b3b6d0f46...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7b3b6d0f461c023b5e98b7fc0c3945a1_JaffaCakes118

  • Size

    163KB

  • Sample

    241029-asb7layme1

  • MD5

    7b3b6d0f461c023b5e98b7fc0c3945a1

  • SHA1

    e39af91eb316b1053ded0978d6366976e54e5892

  • SHA256

    803cadabc649c4a225fb0176a93e265a1ec4ca97a0b20a545087a2755dfd89f2

  • SHA512

    371271c376a6b567fcb38b19bb30479599cb1dc31260b6faca50cf3ae90b87d00a037ff01200d1c70dc65016c5042dbde6468e7175f982779172463aaec43477

  • SSDEEP

    3072:LCNmpyGkNdVux3lCi/BTrN5fmQczJrORqRjetDcnUvUgIk4Tj:kmpyGkNqdRrfmdJ/9GYnpk4Tj

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      7b3b6d0f461c023b5e98b7fc0c3945a1_JaffaCakes118

    • Size

      163KB

    • MD5

      7b3b6d0f461c023b5e98b7fc0c3945a1

    • SHA1

      e39af91eb316b1053ded0978d6366976e54e5892

    • SHA256

      803cadabc649c4a225fb0176a93e265a1ec4ca97a0b20a545087a2755dfd89f2

    • SHA512

      371271c376a6b567fcb38b19bb30479599cb1dc31260b6faca50cf3ae90b87d00a037ff01200d1c70dc65016c5042dbde6468e7175f982779172463aaec43477

    • SSDEEP

      3072:LCNmpyGkNdVux3lCi/BTrN5fmQczJrORqRjetDcnUvUgIk4Tj:kmpyGkNqdRrfmdJ/9GYnpk4Tj

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax family

      ardamax

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks