General

  • Target

    7d686af3c46d4ff796ac6222d179a4b1_JaffaCakes118

  • Size

    586KB

  • Sample

    241030-bqqgwateql

  • MD5

    7d686af3c46d4ff796ac6222d179a4b1

  • SHA1

    7e4e43c31f6bafd58ca5787b0645cc781b2210e2

  • SHA256

    19acd8fe576b02eef23b098f6d4dc4560b81cbdd942894dee70e63b02a43dbb6

  • SHA512

    08e26cb0a6d751a44e86fb3967753ba8f6c5c98777dde9d73c438c6484be326ad163ad4f7a3d8f615539e26fa01ddf1359129811aaf8a3b28f4ee9106d5b79b5

  • SSDEEP

    12288:i9Ggwm248jWQWW4izUpnB493vWGp/Di6yseBAzdHUumrNY1:xZm2AMz+nUvL7ii2epOY1

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
