General

  • Target

    8b87ace78b3a459dc581b6efd9b7ebae_JaffaCakes118

  • Size

    479KB

  • Sample

    241103-pwkepstkgs

  • MD5

    8b87ace78b3a459dc581b6efd9b7ebae

  • SHA1

    a4b557c06959dad69341f631df19ce608b649a86

  • SHA256

    ab6fca2b4eeefdc8dfa26c9fa10c81293920684b45d33071a8defe50f80bd93d

  • SHA512

    c5d6a7ddbee7c33618573bae4336af6d233332ae5e52e0d125a949c67ae3849bf89c38d55c599d4cd722511af4b8a8f4cf6cbfa4510438691cbb852615122638

  • SSDEEP

    12288:iBI5KmCN/9ZgxI4uDUyzw64N4+ms9GwSutRFzXJ:h5692x1uXzwFJmNwSutHZ

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
