General

  • Target

    8bc44af6997059d6666b00900ba78657_JaffaCakes118

  • Size

    479KB

  • Sample

    241103-qzkejsyjgl

  • MD5

    8bc44af6997059d6666b00900ba78657

  • SHA1

    7ac8986ca8ac0d1d73fe1834e93583052fa046de

  • SHA256

    ed0394a61e0d191948bf5f76244e0f1d0c95027e30d77499d89a8c0e8c6027f9

  • SHA512

    6320d9c11cb3ea21c259da707e4308c15c37d133afab016ae3eff5bc49393b511d638a63d14e938100f757941d1174a9224ad1aa12b6ab3bbd43d4c8d7681b10

  • SSDEEP

    12288:LASPvz5+7HbMcSTPs/HpftTLEXppUT/LQYKT5/:kMbAXMcEPaJFXYp2EYKTZ

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
