General

  • Target

    JaffaCakes118_12622b2499dd9f62ec0190b4cd4dcc3d

  • Size

    1.1MB

  • Sample

    250123-a5ajjatnf1

  • MD5

    12622b2499dd9f62ec0190b4cd4dcc3d

  • SHA1

    d99078a6306837ca9a1ef390822c78dd6b13e5be

  • SHA256

    c9bd5f4ffaea7bb2696c4971cb437bf7f25da2d375e5ae20a56a3356d26fec47

  • SHA512

    1e5f58f8ac624508d641457a296f27db216aa45679612b083abe7a98f3feb16896972a9815a92e851979e007183775e3c30de5861f09d410005b6dca6cc1910f

  • SSDEEP

    24576:dZxTfgDMsT5kIndII0gdATfBv3taMat0IlUFug05LS6wamrd:dXT4H0UoplaMatq4dLmr

Targets

    • Target

      JaffaCakes118_12622b2499dd9f62ec0190b4cd4dcc3d

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
