General

  • Target

    edc82e71dc8ebb6ca57489b27da8bcc8_JaffaCakes118

  • Size

    515KB

  • Sample

    241214-jvak8awkft

  • MD5

    edc82e71dc8ebb6ca57489b27da8bcc8

  • SHA1

    408bf9b756f5dde1aca352024c418103e4b05f6c

  • SHA256

    023769221cfe4482be9edd73470fbacfd578fc54cad4eeb9000cd8a6e36b657a

  • SHA512

    4afe5e0eb820679dc8c0327a7b9bf977bd66f00a254117f057b7773dfeef950952f53136aaed048307dd475e1ea2c903731a1e7c87e0364d4c5f8f68327bac0c

  • SSDEEP

    12288:LpJrhkOg5Wp5WuC+P6EK2oziLas7ih+lG1NzfLMtle:zrhkOgG5O2ozirGrf3

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks