General

  • Target

    a9a02c9d7305058aa27c73c19be9ecdb_JaffaCakes118

  • Size

    488KB

  • Sample

    241127-zvpyxazqcw

  • MD5

    a9a02c9d7305058aa27c73c19be9ecdb

  • SHA1

    0b606d4f8a11004449b5ef4c0f3dfd48d1292630

  • SHA256

    074481c4aeb09612eb1bcdf9a7e5bcb4ccc65dcb1d4a097c802dad3529482b6f

  • SHA512

    86ff6ec0dfe5f3bf793c775c60118ca1c07b8d98a5a8e8c4192fd5f85567ce2420126ea96d39f14644c9ba30daa1b88f33124e0018a75a11d11c597c29d758da

  • SSDEEP

    12288:MXKJszzn9YovgIUJ3L2aNAP9WPjOs+dlXk:eKKzhYovo2aNxPidrk

Malware Config

Targets

    • Target

      Elfbot and Tbiabot 8.53 Crack.exe

    • Size

      557KB

    • MD5

      5b6228271caa157db4b8d86ea0c61ccc

    • SHA1

      e24c3b07dbb99150bb2a1185b0efb0ad8ef4855f

    • SHA256

      9eb196dd4f3d26e8d13df4ac29694be2a223dd21d2b8d06c1a01630cc2d4953a

    • SHA512

      8793a9859a1eb66086a36880eefe174a98c884054b605cb501988bf7ecf2056529be31b5c6cf2113be4c6f35995a51529b8c75fa1cd9b06852d4ac77552c2cfc

    • SSDEEP

      12288:6B176Pdc2o9chJHAMLiTopvUCyMolyGrGP7w:a176y9cTdLvLynlkM

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
