Overview

overview

10

Static

static

3

b22e6adc3b...18.exe

windows7-x64

10

b22e6adc3b...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b22e6adc3b992a11b3c1ebcc917b09ee_JaffaCakes118

  • Size

    171KB

  • Sample

    241129-sy7vkasrdx

  • MD5

    b22e6adc3b992a11b3c1ebcc917b09ee

  • SHA1

    933d6d338cc86f6e81670af33deae879eef8f227

  • SHA256

    e5ac1c5c3af3a07d55dc9a5f7a866a3d00027dcd6db2aaf2e7809c0f038873d1

  • SHA512

    6bb419e59e47c5aa025781dc2585d07c9abceca0f3176245033909bf9740f8d0e79d753a1326a0da66578c61c1a14fd8f122a24974d95ed95b1f5899946a6639

  • SSDEEP

    3072:0OZHQaGFIvd1aCNWeX6pzqvOO0v2wTUGtao9ferweQxKFSNsbvcL:lGSdk4By40pTUXaUwegKtcL

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      b22e6adc3b992a11b3c1ebcc917b09ee_JaffaCakes118

    • Size

      171KB

    • MD5

      b22e6adc3b992a11b3c1ebcc917b09ee

    • SHA1

      933d6d338cc86f6e81670af33deae879eef8f227

    • SHA256

      e5ac1c5c3af3a07d55dc9a5f7a866a3d00027dcd6db2aaf2e7809c0f038873d1

    • SHA512

      6bb419e59e47c5aa025781dc2585d07c9abceca0f3176245033909bf9740f8d0e79d753a1326a0da66578c61c1a14fd8f122a24974d95ed95b1f5899946a6639

    • SSDEEP

      3072:0OZHQaGFIvd1aCNWeX6pzqvOO0v2wTUGtao9ferweQxKFSNsbvcL:lGSdk4By40pTUXaUwegKtcL

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax family

      ardamax

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks