General

  • Target

    JaffaCakes118_10e062cab2a8915ceeac731374635d35

  • Size

    747KB

  • Sample

    250122-za3n9stqds

  • MD5

    10e062cab2a8915ceeac731374635d35

  • SHA1

    96ee390380f56cb55fc71df372871a92b30d4951

  • SHA256

    c9eeab7cff2b60e87771737d2d0723175ced0ed121256c799da02883c1e56d30

  • SHA512

    13ae7f8add9ba81e3928c1a8e8cd7990d5c4a32144445ee5405069a6e2c434bd4968c1f1e08db18a92d954b44dadc6b35c5779f1fafd6bd4cb355ff69716faa7

  • SSDEEP

    12288:FcE973jHV2Ivi1AunsYRtMyq8dcO5fbgALuo+cTHhDDpQti/YNrUUaSoEyHpwXR:f1bviS9YfMW5fciRpq8YNAeoJHY

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks