General

  • Target

    e31655d1164a77e6a19d811c310372a3_JaffaCakes118

  • Size

    480KB

  • Sample

    241211-y8w4psxmcs

  • MD5

    e31655d1164a77e6a19d811c310372a3

  • SHA1

    ecb0482d2a504c72073c515cde953d1d1d633e01

  • SHA256

    11e48892351418f6d4a81ec4c4639122c68b60731ceee4ce0325f23c686018b7

  • SHA512

    19c399bbaf929394d4e68c134baa7c832d763bfa92dd61ac32b09cc3d43e5e125d808f1941d9ca4fa38f621e77d2970138afa47c92c85dbb5612157661b2ffdd

  • SSDEEP

    12288:GLJ+UpLJWZ53y0YkddXgu813R80303gGNxQFRj74bU9:yfpI73yVGFij8l5NkYa

Malware Config

Targets

    • Target

      e31655d1164a77e6a19d811c310372a3_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks