General

  • Target

    d2bebe37ed4c05e55b68267f420911f3_JaffaCakes118

  • Size

    479KB

  • Sample

    241207-q1mlastpbw

  • MD5

    d2bebe37ed4c05e55b68267f420911f3

  • SHA1

    11f6170e67d941ca1516c2cb3556ba0ddb051939

  • SHA256

    0e2888191cbe1856a236958a75fdee0f305f1483d7e8d48048c461205d0954af

  • SHA512

    26834bf2d4eba394cdd58ddc941825855f0c91216294af3a18d72d655eebed7fca2f05d37b94a955015aa8d658854c313aa270aa5807c950e4c9489cb86eb173

  • SSDEEP

    12288:jf5Hd2A41B6UvfmvzsI7dN1OJR/hNHGZ3Tv3p+Mv:1HSoUnmvzskj1C/h41b5B

Targets

    • Target

      d2bebe37ed4c05e55b68267f420911f3_JaffaCakes118

    • Ardamax

      Ardamax is a commercially sold Windows keylogger that records keystrokes and can deliver its logs remotely; the sandbox lists this family as first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Reads the country code configured in the registry, most likely as a geofence so the sample can change or abort its behaviour depending on the victim's configured region.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the software installed on the system by reading the entries under the registry Uninstall key.

    • Drops file in System32 directory
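The six behaviour signatures above are the kind of thing an analyst wants to reproduce from endpoint telemetry rather than trust a sandbox label alone. The following is an added example, not code from the sandbox or from the report: it walks a list of constructed Sysmon-style events (hypothetical paths, value names and GUID; the real sample's on-disk name and drop locations are not given on this page), scopes them to the sample's process tree, and maps them onto the same six signatures, including the stateful ones (a dropped file that is later executed or loaded).

```python
"""Map Sysmon-style telemetry onto the sandbox behaviour signatures listed above.

Added example for illustration; the events, paths and value names below are
constructed and hypothetical, not taken from the analysed sample.
"""
import re

# Hypothetical locations: the page does not state where the sample ran or dropped files.
SAMPLE = r"C:\Users\victim\Desktop\sample.exe"
DROPPED_EXE = r"C:\Users\victim\AppData\Roaming\updater.exe"
DROPPED_DLL = r"C:\Users\victim\AppData\Roaming\hook.dll"
SYS32_FILE = r"C:\Windows\System32\sample.dat"

# Constructed event stream in the order the sandbox would have observed it.
SAMPLE_EVENTS = [
    {"event": "RegistryEvent", "op": "QueryValue", "image": SAMPLE,
     "target": r"HKCU\Control Panel\International\Geo\Nation"},
    {"event": "FileCreate", "image": SAMPLE, "target": DROPPED_EXE},
    {"event": "FileCreate", "image": SAMPLE, "target": DROPPED_DLL},
    {"event": "FileCreate", "image": SAMPLE, "target": SYS32_FILE},
    {"event": "ProcessCreate", "image": DROPPED_EXE, "parent": SAMPLE},
    {"event": "ImageLoad", "image": DROPPED_EXE, "target": DROPPED_DLL},
    {"event": "RegistryEvent", "op": "SetValue", "image": DROPPED_EXE,
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"event": "RegistryEvent", "op": "QueryValue", "image": DROPPED_EXE,
     "target": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall"
               r"\{11111111-2222-3333-4444-555555555555}\DisplayName"},
    # Benign noise from processes outside the sample's tree; must be ignored.
    {"event": "RegistryEvent", "op": "SetValue", "image": r"C:\Windows\explorer.exe",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive"},
    {"event": "FileCreate", "image": r"C:\Windows\System32\svchost.exe",
     "target": r"C:\Windows\System32\config\systemprofile\cache.bin"},
]

RUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
UNINSTALL_KEY = re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International\\", re.I)
SYSTEM32_DIR = re.compile(r"^[A-Za-z]:\\Windows\\System32\\", re.I)


def classify(events, root_image):
    """Return (signature, evidence) pairs for events attributable to root_image's tree."""
    tree = {root_image.lower()}   # images belonging to the sample's process tree
    dropped = set()               # files written by the tree, for later EXE/DLL matching
    hits = []
    for ev in events:
        kind = ev["event"]
        image = ev["image"].lower()
        target = ev.get("target", "")
        if kind == "ProcessCreate":
            # The actor here is the parent; the child joins the tree if the parent is in it.
            if ev["parent"].lower() in tree:
                tree.add(image)
                if image in dropped:
                    hits.append(("Executes dropped EXE", ev["image"]))
            continue
        if image not in tree:
            continue  # activity from unrelated processes is not evidence about the sample
        if kind == "FileCreate":
            dropped.add(target.lower())
            if SYSTEM32_DIR.match(target):
                hits.append(("Drops file in System32 directory", target))
        elif kind == "ImageLoad":
            if target.lower() in dropped:
                hits.append(("Loads dropped DLL", target))
        elif kind == "RegistryEvent":
            op = ev["op"]
            if op == "SetValue" and RUN_KEY.search(target):
                hits.append(("Adds Run key to start application", target))
            elif op == "QueryValue" and UNINSTALL_KEY.search(target):
                hits.append(("Checks installed software on the system", target))
            elif op == "QueryValue" and GEO_KEY.search(target):
                hits.append(("Checks computer location settings", target))
    return hits


def behaviours(events, root_image):
    """Distinct signature names, sorted, for quick comparison with a sandbox report."""
    return sorted({name for name, _ in classify(events, root_image)})


if __name__ == "__main__":
    for name, evidence in classify(SAMPLE_EVENTS, SAMPLE):
        print(f"{name}: {evidence}")
```

The process-tree scoping is what keeps the benign explorer.exe Run-key write and the svchost.exe System32 write out of the result; without it, the Run-key and System32 rules fire on ordinary system activity and the report becomes noise. The matching on dropped files is deliberately by exact path, so a renamed copy of the dropped EXE would be missed; a production rule would add a hash join against the file-creation events.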

MITRE ATT&CK Enterprise v15
