General

  • Target

    JaffaCakes118_4e97f7a83ecc33ce0d669b74ed955cf0

  • Size

    497KB

  • Sample

    250101-knm4eaznbz

  • MD5

    4e97f7a83ecc33ce0d669b74ed955cf0

  • SHA1

    94c08320f2f3d9137c71f1392504c9b6a49b66e1

  • SHA256

    bf4985f44cd1140eef3ed135e2b02100304ae80cd174c3e94b0a49778fb3e10d

  • SHA512

    fb9184858af412ef11f818635991dc86f4dab7fd6b1cad1918387a7882553e3dccd163eb7f09b42d096feb03bac18123340509191377c220471d10b714c6eaba

  • SSDEEP

    12288:sdQI8THDQWBXWp4oNeSxFtbJohkpgPoL6kxS:FTUCGpPNeSxFtblpgPoukk

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
