General

  • Target

    c41e2d74301ee7ca1a6f17ee4a98f0bd_JaffaCakes118

  • Size

    478KB

  • Sample

    241204-yjxzpsxrfz

  • MD5

    c41e2d74301ee7ca1a6f17ee4a98f0bd

  • SHA1

    dd1dfb27fd0bb98c25a738de583b80630d8149f0

  • SHA256

    e18a3053c84fbb2d2fb05e342b3069e1a564661fa63bc25809398f199e32f33a

  • SHA512

    c7c1519825508a0c6fdde009df175cfe93554f974a4088aba9468d1238a6f5cbdba7c6546bcf5f3e735271f79215c763c3053b33a58fd2f85dea291f7b78d98d

  • SSDEEP

    12288:ctlO6MzJvlXglawzAAuf/Jhjw7bQFgwT8Gh:2lOhzJvlXglBA//XecFHTdh

Malware Config

Targets

    • Target

      c41e2d74301ee7ca1a6f17ee4a98f0bd_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
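
The signatures above are derived from registry and process events observed during the run. The Python below is an added example, not part of this report or of the sandbox's own code: it parses a constructed, hypothetical API-trace format (space-separated key=value pairs, not the sandbox's real output) and maps each event onto the signature names used on this page. The signature names are the page's; the trace format, the dropped-file tracking rule, and every path, process and value name in the sample trace are assumptions made for illustration.

```python
"""Map a simplified sandbox API trace onto the behaviour signatures listed in this report."""
import re
from typing import Dict, Iterable, Set

# Constructed trace lines in a hypothetical, simplified format (one event per line,
# space-separated key=value pairs). They are not output from the real sample;
# directory and file names are illustrative only.
SAMPLE_TRACE = """\
pid=1000 api=NtCreateFile path=C:\\Users\\user\\AppData\\Roaming\\HDS\\svchost.exe access=write
pid=1000 api=NtCreateFile path=C:\\Users\\user\\AppData\\Roaming\\HDS\\HDS.dll access=write
pid=1000 api=RegSetValueExW key=HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run value=HDS data=C:\\Users\\user\\AppData\\Roaming\\HDS\\svchost.exe
pid=1000 api=CreateProcessW image=C:\\Users\\user\\AppData\\Roaming\\HDS\\svchost.exe
pid=1004 api=LoadLibraryW path=C:\\Users\\user\\AppData\\Roaming\\HDS\\HDS.dll
pid=1004 api=RegQueryValueExW key=HKCU\\Control Panel\\International value=sCountry
pid=1004 api=RegEnumKeyExW key=HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall index=0
pid=1004 api=LoadLibraryW path=C:\\Windows\\System32\\user32.dll
"""

# Lazy value match that stops at the next " name=" pair, so values may contain spaces
# (e.g. "Control Panel\International") as long as they contain no " word=" substring.
PAIR_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")

# Registry locations behind the page's signatures (assumed mapping, not the sandbox's rules).
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?$")
LOCALE_KEY = "\\control panel\\international"
UNINSTALL_KEY = "\\currentversion\\uninstall"


def parse_line(line: str) -> Dict[str, str]:
    """Turn one 'k=v k=v ...' trace line into a dict (empty dict for blank lines)."""
    return {k: v for k, v in PAIR_RE.findall(line.strip())}


def signatures_for_trace(lines: Iterable[str]) -> Set[str]:
    """Return the set of report signature names triggered by the trace.

    Events are processed in order: a file only counts as "dropped" once the traced
    process has opened it for writing, so later execution/loading of that path can be
    attributed to the sample rather than to a pre-existing system file.
    """
    dropped: Set[str] = set()  # lower-cased paths written by the traced processes
    hits: Set[str] = set()
    for raw in lines:
        ev = parse_line(raw)
        if not ev:
            continue
        api = ev.get("api", "")
        key = ev.get("key", "").lower()
        if api == "NtCreateFile" and ev.get("access") == "write":
            dropped.add(ev.get("path", "").lower())
        elif api == "RegSetValueExW" and RUN_KEY_RE.search(key):
            hits.add("Adds Run key to start application")
        elif api in ("RegQueryValueExW", "RegOpenKeyExW") and LOCALE_KEY in key:
            hits.add("Checks computer location settings")
        elif api in ("RegEnumKeyExW", "RegOpenKeyExW") and key.endswith(UNINSTALL_KEY):
            hits.add("Checks installed software on the system")
        elif api == "CreateProcessW" and ev.get("image", "").lower() in dropped:
            hits.add("Executes dropped EXE")
        elif api == "LoadLibraryW" and ev.get("path", "").lower() in dropped:
            hits.add("Loads dropped DLL")
    return hits


if __name__ == "__main__":
    for name in sorted(signatures_for_trace(SAMPLE_TRACE.splitlines())):
        print(name)
```

The dropped-file rule is what separates "Loads dropped DLL" from ordinary library loads: the `user32.dll` load in the constructed trace is ignored because nothing in the trace wrote that path, while `HDS.dll` is flagged because a write to it precedes the load. Real sandbox traces use their own event schemas, so the parser is the part to replace when adapting this to actual output.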

MITRE ATT&CK Enterprise v15

Tasks