Overview

overview

10

Static

static

3

9268d5734e...18.exe

windows7-x64

10

9268d5734e...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9268d5734eeba88a56547bc5d7f6034a_JaffaCakes118

  • Size

    202KB

  • Sample

    241124-ee1p9aypbr

  • MD5

    9268d5734eeba88a56547bc5d7f6034a

  • SHA1

    66e053262d241698f2c611203fd1697f8837d806

  • SHA256

    bcdd8253acad7e3c700c5731562757bbb6bf2ab1cdc6b017f7eeb2f9d08b1c1e

  • SHA512

    8a6fd5938c8a5f3ba8bc1a8c5a14148a1ed351c6d2b9f2365d686045cb8a8309cec87ff036fd67d970fabaf002a186033924782a807e0598c7967d692f5eb29e

  • SSDEEP

    6144:BmpyGoO2g8XQRMzzRrWvLqdTXSG1YVDmdIZxN6t:B3gRMzxWvLq4G18Xz6t

Score
10/10
ardamaxdiscoverykeyloggerstealer

Malware Config

Targets

    • Target

      9268d5734eeba88a56547bc5d7f6034a_JaffaCakes118

    • Size

      202KB

    • MD5

      9268d5734eeba88a56547bc5d7f6034a

    • SHA1

      66e053262d241698f2c611203fd1697f8837d806

    • SHA256

      bcdd8253acad7e3c700c5731562757bbb6bf2ab1cdc6b017f7eeb2f9d08b1c1e

    • SHA512

      8a6fd5938c8a5f3ba8bc1a8c5a14148a1ed351c6d2b9f2365d686045cb8a8309cec87ff036fd67d970fabaf002a186033924782a807e0598c7967d692f5eb29e

    • SSDEEP

      6144:BmpyGoO2g8XQRMzzRrWvLqdTXSG1YVDmdIZxN6t:B3gRMzxWvLq4G18Xz6t

    Score
    10/10
    ardamaxdiscoverykeyloggerstealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax family

      ardamax

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks