General

  • Target

    ff0c54ee4cbf4d617bb5f29fe8e1da8f_JaffaCakes118

  • Size

    492KB

  • Sample

    241219-jqhq2awjcv

  • MD5

    ff0c54ee4cbf4d617bb5f29fe8e1da8f

  • SHA1

    a1bb575dcaf35f24cb1a979a489e211afba1551f

  • SHA256

    df9b1a1d0ea933e0a603c7b18ba4eb8af3bec4ed0c49910e1083b6dd82db98a2

  • SHA512

    7d27128b4d80a6416064ddea8f68ac0baabdf038864ed27f391079bcd1d9819b4ca8bfbba4363efa323f6a205c068981ee3251b35d0d1a00118e9d36839af81e

  • SSDEEP

    12288:/RMDR8M4LM3ESVATlfTiCXabOnrxUf8zbvPs:ZMtCLM3sTl7iCXeOn9Uybns

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks