General

  • Target

    JaffaCakes118_68b82480f42d95aff0d4e83dc2413ab1

  • Size

    2.0MB

  • Sample

    250102-2wpewayngs

  • MD5

    68b82480f42d95aff0d4e83dc2413ab1

  • SHA1

    6f06f5f94b25cf7a17f7009ffa2a9f51c6b7d5ee

  • SHA256

    4c0f4cde7981ab905300efcd647adffcc46d682468cae06fcf46b7a791d6b3d6

  • SHA512

    2598d8bf2518167b875782f4da949a58d2a52f4575c3b2c43844c9594babd068063c2b2ff1f6ab479750c2f970481b1dbd73b0549a46085af52f5c924f5c1a1d

  • SSDEEP

    49152:rUC7YTgYsd3g7lWZ9Q1MWHt5YxmAFuWKJz+jaX:r33rmlrE2b

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15
