General

  • Target

    8115d635e5ef8e2c48bf177682d244d3_JaffaCakes118

  • Size

    798KB

  • Sample

    241031-b7z3msvpbv

  • MD5

    8115d635e5ef8e2c48bf177682d244d3

  • SHA1

    3386b2fa374064e0049aa2f4514c89212437a402

  • SHA256

    df7d9c821e7286e3fabecffdd380e925d04255bb1a9dbdbe63968d3a544eb5b9

  • SHA512

    82b0d1129706c53f009c077a0384855c86f251a82fec294c439b650c1c13bcb7b1fad5553e1d1d2c59593b220d84783a5b81ad74cd7bbd30cac0d58bd02ddb11

  • SSDEEP

    24576:CbuVT8Op/5+wF5O6nS8AtQjzMyGm+dCKC:Kqn/JTnFH39qdCKC

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
