Overview

overview

10

Static

static

3

JaffaCakes...ac.exe

windows7-x64

10

JaffaCakes...ac.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_29ad6b4feba986ba72475449f30736ac

  • Size

    536KB

  • Sample

    250113-qf259atjat

  • MD5

    29ad6b4feba986ba72475449f30736ac

  • SHA1

    a3d212404dfa7b546b3eb62de45356fa119a73e6

  • SHA256

    4f1ac579923377a3f66b9fc1f950c26bf44f0f4309659de0999f5cf8b6755838

  • SHA512

    7dc059b622e2d1e0098884bd7e7485169149022fc566498feccd2a17ea0ff529b3244be136c591492aee8fab6709f4dff0bb39f5a7f9d2bc45efac932b860745

  • SSDEEP

    12288:q5PM33fYCytFoEFEvcewVMulCSTyFX/20sqvyrw8lFkcK:6YPYCSoEWDuBTo+PMyNFkr

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      JaffaCakes118_29ad6b4feba986ba72475449f30736ac

    • Size

      536KB

    • MD5

      29ad6b4feba986ba72475449f30736ac

    • SHA1

      a3d212404dfa7b546b3eb62de45356fa119a73e6

    • SHA256

      4f1ac579923377a3f66b9fc1f950c26bf44f0f4309659de0999f5cf8b6755838

    • SHA512

      7dc059b622e2d1e0098884bd7e7485169149022fc566498feccd2a17ea0ff529b3244be136c591492aee8fab6709f4dff0bb39f5a7f9d2bc45efac932b860745

    • SSDEEP

      12288:q5PM33fYCytFoEFEvcewVMulCSTyFX/20sqvyrw8lFkcK:6YPYCSoEWDuBTo+PMyNFkr

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax family

      ardamax

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks