General

  • Target

    JaffaCakes118_131b3d06b3d908fd213f3342f26fef35

  • Size

    543KB

  • Sample

    250123-ddk3qszlej

  • MD5

    131b3d06b3d908fd213f3342f26fef35

  • SHA1

    cfae94aafbe13a007b8d096796584f9e258edbca

  • SHA256

    7dea928296025d7fc390623eea366a420f1518fc3dac903fbc2c1de5542b2d3f

  • SHA512

    ee00448faedb5a69d62094ce8ea24f63b7e9ea72317dcf2ff0f36123427799a82f870fbebf9765555b101dc8b95b2717daeb32ca4b6a934a203d905741bfadd9

  • SSDEEP

    12288:OI6Kb77/0JoLqrtu+8sc+GYK07XL0GeqxRWdz68lKW/Elb:Oc3swKtl8z+GYpb0uxMdVlKWCb

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely to geofence execution to or away from particular countries.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Enumerates Uninstall key entries in the registry to list the software installed on the system.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory
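The signatures above describe behaviours, not the rules that fire them. The following is an added example, not the sandbox's own signature logic and not Ardamax code: it replays a constructed API trace, fires the report's five behavioural signatures using assumed registry paths and API names (the `Geo\Nation` value and the `CurrentVersion\Uninstall` key are the natural targets for the two registry checks, but the page does not show the sandbox's rule bodies), and matches a candidate file against the report's digests. The trace format, process IDs and drop paths are all constructed; the family match itself is not reproduced.

```python
"""Score a sandbox API trace against the behaviours this report lists and
match a candidate file against the report's hashes.

Added example for this page; it is not Triage's own signature logic and not
Ardamax code. The trace format, registry paths and API names are assumptions
chosen to make the rules concrete; the trace below is constructed.
"""
import hashlib
import re

# Digests copied from the report above.
REPORT_HASHES = {
    "md5": "131b3d06b3d908fd213f3342f26fef35",
    "sha1": "cfae94aafbe13a007b8d096796584f9e258edbca",
    "sha256": "7dea928296025d7fc390623eea366a420f1518fc3dac903fbc2c1de5542b2d3f",
    "sha512": "ee00448faedb5a69d62094ce8ea24f63b7e9ea72317dcf2ff0f36123427799a82f870fbebf9765555b101dc8b95b2717daeb32ca4b6a934a203d905741bfadd9",
}


def file_hashes(data: bytes) -> dict:
    """Return the same four digests the report lists, keyed by algorithm name."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def matches_report(data: bytes) -> bool:
    """True only if every digest of `data` equals the report's value for the sample."""
    return file_hashes(data) == REPORT_HASHES


# Registry paths assumed to underlie the two registry signatures (assumption:
# the sandbox's rule bodies are not shown on the page).
GEO_NATION_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)
UNINSTALL_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
SYSTEM32_RE = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)
WINDOWS_RE = re.compile(r"^[A-Z]:\\Windows\\", re.I)

# One trace line is 'key=value key="quoted value" ...' (constructed format).
TOKEN_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line: str) -> dict:
    """Parse one trace line; quoted values may contain spaces and backslashes."""
    return {key: quoted or bare for key, quoted, bare in TOKEN_RE.findall(line)}


def triage(trace: str) -> dict:
    """Replay the trace in order and record which report signatures fire and why."""
    events = [parse_line(line) for line in trace.splitlines() if line.strip()]
    images = {ev["image"].lower() for ev in events}  # every executable seen running
    dropped: set = set()                              # files the trace shows being written
    fired: dict = {}

    def hit(name: str, evidence: str) -> None:
        fired.setdefault(name, []).append(evidence)

    for ev in events:
        api, arg, image = ev["api"], ev["arg"], ev["image"]
        low = arg.lower()
        if api.startswith(("RegOpenKey", "RegQueryValue")) and GEO_NATION_RE.search(arg):
            hit("Checks computer location settings", arg)
        elif api.startswith(("RegOpenKey", "RegEnumKey", "RegQueryValue")) and UNINSTALL_RE.search(arg):
            hit("Checks installed software on the system", arg)
        elif api.startswith("CreateFile") and ev.get("disp") in ("CREATE_ALWAYS", "CREATE_NEW"):
            dropped.add(low)
            # A write into System32 by a binary that does not itself live under C:\Windows.
            if SYSTEM32_RE.match(arg) and not WINDOWS_RE.match(image):
                hit("Drops file in System32 directory", arg)
        elif api.startswith("CreateProcess") and low in dropped:
            hit("Executes dropped EXE", arg)
        elif api.startswith("LoadLibrary") and low in dropped:
            hit("Loads dropped DLL", arg)
        elif api.startswith("DeleteFile") and (low in dropped or low in images):
            # Deleting the original dropper or one of its own drops is the File Deletion indicator.
            hit("Indicator Removal: File Deletion", f"{image} deleted {arg}")
    return {"signatures": fired, "dropped": sorted(dropped)}


# Constructed trace mimicking what a sandbox would log for the listed behaviours;
# the paths under System32\example are placeholders, not the sample's real drop names.
SAMPLE = r"C:\Users\analyst\Downloads\JaffaCakes118_131b3d06b3d908fd213f3342f26fef35.exe"
DROP_DIR = r"C:\Windows\System32\example"
SAMPLE_TRACE = "\n".join([
    f'pid=1840 image="{SAMPLE}" api=RegQueryValueExW arg="HKCU\\Control Panel\\International\\Geo\\Nation"',
    f'pid=1840 image="{SAMPLE}" api=RegOpenKeyExW arg="HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall"',
    f'pid=1840 image="{SAMPLE}" api=CreateFileW disp=OPEN_EXISTING arg="C:\\Windows\\System32\\kernel32.dll"',
    f'pid=1840 image="{SAMPLE}" api=CreateFileW disp=CREATE_ALWAYS arg="{DROP_DIR}\\dropped.exe"',
    f'pid=1840 image="{SAMPLE}" api=CreateFileW disp=CREATE_ALWAYS arg="{DROP_DIR}\\dropped.dll"',
    f'pid=1840 image="{SAMPLE}" api=CreateProcessW arg="{DROP_DIR}\\dropped.exe"',
    f'pid=2212 image="{DROP_DIR}\\dropped.exe" api=LoadLibraryW arg="{DROP_DIR}\\dropped.dll"',
    f'pid=2212 image="{DROP_DIR}\\dropped.exe" api=DeleteFileW arg="{SAMPLE}"',
])

if __name__ == "__main__":
    result = triage(SAMPLE_TRACE)
    for name, evidence in result["signatures"].items():
        print(f"[+] {name}: {evidence[0]}")
    print("dropped:", result["dropped"])
```

Reading an existing file with `OPEN_EXISTING` is deliberately not counted as a drop, so a loader touching `kernel32.dll` does not trigger the System32 signature; only the dropper's own writes do, and the later `CreateProcess`, `LoadLibrary` and `DeleteFile` rules key off that drop set and the set of running images rather than off file names, which is what makes the chain hold for any dropper rather than one specific artifact name.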

MITRE ATT&CK Enterprise v15