Overview

overview

10

Static

static

3

d1ddf3043d...18.exe

windows7-x64

10

d1ddf3043d...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d1ddf3043d7e818ecdc49a916bcca0ec_JaffaCakes118

  • Size

    385KB

  • Sample

    241207-l2haraxmgw

  • MD5

    d1ddf3043d7e818ecdc49a916bcca0ec

  • SHA1

    7cb2cfe49c16f75b97ecae782dba897e02f87cc5

  • SHA256

    11c9cb9bbd091436fb485626d94f0e8098533d4a96358fb3bf15e763e68de9bd

  • SHA512

    81f8475aa7cd555a4455cd74c4cf59a6f75234eb93680e1046fa2fc6701914bc19718f5e4ac7264654bdfb3b3f47def484a82c207a382c5d1fe0dbf18af55bbf

  • SSDEEP

    6144:YAHNj9eotSOL0xB1vNGcDc768ytK1RcTCXiC6+ywakKd2dIFmJEY6DV:YANGxNNc7rD1KTPznQdIwEV

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      d1ddf3043d7e818ecdc49a916bcca0ec_JaffaCakes118

    • Size

      385KB

    • MD5

      d1ddf3043d7e818ecdc49a916bcca0ec

    • SHA1

      7cb2cfe49c16f75b97ecae782dba897e02f87cc5

    • SHA256

      11c9cb9bbd091436fb485626d94f0e8098533d4a96358fb3bf15e763e68de9bd

    • SHA512

      81f8475aa7cd555a4455cd74c4cf59a6f75234eb93680e1046fa2fc6701914bc19718f5e4ac7264654bdfb3b3f47def484a82c207a382c5d1fe0dbf18af55bbf

    • SSDEEP

      6144:YAHNj9eotSOL0xB1vNGcDc768ytK1RcTCXiC6+ywakKd2dIFmJEY6DV:YANGxNNc7rD1KTPznQdIwEV

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax family

      ardamax

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks