General

  • Target

    8c0e01de8a7fa8487cdfb64f75b8ac29_JaffaCakes118

  • Size

    480KB

  • Sample

    241103-sbqyjaxfjk

  • MD5

    8c0e01de8a7fa8487cdfb64f75b8ac29

  • SHA1

    b878799cabf2512b06baf212335c929097552f42

  • SHA256

    ce598df92a7035d0d1626369d0095d3c6996f6fd7ea092eb06b191be01de3699

  • SHA512

    dbaff73641f83c4fa6c86a643a354b86547dcb16a70dd2c9b94be08f39da2d78c5dbbf5de4999482d8c6831b6f0c9125205455d5155ab1e1806755571f5144ac

  • SSDEEP

    12288:1wd+LvTjmQHHEMbISNs512TvEqb2ExHZHk:i+LvTjmScSs512Yqbt5Hk

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
