General

  • Target

    JaffaCakes118_1905a71691153b39f6f589786de284e0

  • Size

    641KB

  • Sample

    250123-txfv5avqfx

  • MD5

    1905a71691153b39f6f589786de284e0

  • SHA1

    b50267b1bc65143803652f1d8e8cfd4835a4b5dd

  • SHA256

    f42489d578a6d82c015d592c7f78639a3b3bfa05edd1bc267595a9fde3c2d8be

  • SHA512

    e0bbd9b174cddea6b32988c06a72d98a6e7732221a6f749a1adb0067cc353f0a4ea7b7beba5bef2ce13cf8e0435c68febec628e4db6ad52e42de012628b07255

  • SSDEEP

    12288:yXcpf8LHtqUmJW9KfNTR9zk2Q3YBLsEATjaNIjkzLbjjVtlYNGN:vf8YUGfNTuoBLsXjaNIIz3PHcGN

Malware Config

Targets

    • Target

      JaffaCakes118_1905a71691153b39f6f589786de284e0


    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely a geofence check that decides whether the sample runs on this machine.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.
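The behaviours above are the sandbox's signature names; the following is an added example (not part of this report or of the sandbox) that maps a simplified, constructed API trace back onto those same names, so an analyst can check a replayed run or a second sample against this report. The trace schema (one dict per hooked call with `api`, `key`, `value`, `data`, `path`, `image` fields), the registry paths used for matching (Run/RunOnce, Uninstall, Control Panel\International\Geo) and the file paths in the sample trace are assumptions made for the example, not data from the analysed file.

```python
"""Match a simplified API trace against the behaviours listed in this report.

Added example, not part of the sandbox report. The trace format and the
events in SAMPLE_TRACE are constructed for illustration; a real sandbox
emits its own schema, so adapt the field names before use.
"""
import re
from collections import defaultdict

# Registry locations behind the report's signatures (assumed paths):
#  - Run/RunOnce under CurrentVersion: persistence ("Adds Run key")
#  - Uninstall under CurrentVersion: installed-software enumeration
#  - Control Panel\International\Geo: configured country (GeoID/Nation)
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?(\\|$)", re.I)
UNINSTALL_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall(\\|$)", re.I)
GEO_KEY = re.compile(r"\\Control Panel\\International(\\Geo)?$", re.I)

REG_READ = {"RegOpenKeyExW", "RegQueryValueExW", "RegEnumKeyExW", "RegEnumValueW"}
REG_WRITE = {"RegSetValueExW"}

# Behaviours this report lists that the trace matcher can reproduce.
LISTED_BEHAVIOURS = [
    "Checks computer location settings",
    "Executes dropped EXE",
    "Loads dropped DLL",
    "Adds Run key to start application",
    "Checks installed software on the system",
]


def _evidence(ev):
    """Human-readable key\\value string for a registry event."""
    return ev["key"] + ("\\" + ev["value"] if ev.get("value") else "")


def classify(trace):
    """Return {behaviour: [sorted, de-duplicated evidence]} for a trace."""
    hits = defaultdict(set)
    dropped = set()  # lower-cased paths of PE files written during the run

    for ev in trace:
        api = ev["api"]
        key = ev.get("key", "")
        if api == "WriteFile" and ev.get("path", "").lower().endswith((".exe", ".dll")):
            dropped.add(ev["path"].lower())
        elif api == "CreateProcessW" and ev.get("image", "").lower() in dropped:
            hits["Executes dropped EXE"].add(ev["image"])
        elif api == "LoadLibraryW" and ev.get("path", "").lower() in dropped:
            hits["Loads dropped DLL"].add(ev["path"])
        elif api in REG_WRITE and RUN_KEY.search(key):
            hits["Adds Run key to start application"].add(
                f"{_evidence(ev)} = {ev.get('data', '')}")
        elif api in REG_READ and UNINSTALL_KEY.search(key):
            hits["Checks installed software on the system"].add(_evidence(ev))
        elif api in REG_READ and GEO_KEY.search(key):
            hits["Checks computer location settings"].add(_evidence(ev))

    return {name: sorted(ev) for name, ev in hits.items()}


def missing_behaviours(hits):
    """Listed behaviours that the trace did NOT reproduce (useful when
    comparing a re-run or a related sample against this report)."""
    return [b for b in LISTED_BEHAVIOURS if b not in hits]


# Constructed trace, not taken from the sandbox run of this sample.
SAMPLE_TRACE = [
    {"pid": 1000, "api": "RegOpenKeyExW", "key": r"HKCU\Control Panel\International\Geo"},
    {"pid": 1000, "api": "RegQueryValueExW", "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"pid": 1000, "api": "RegOpenKeyExW", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1000, "api": "RegEnumKeyExW", "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"},
    {"pid": 1000, "api": "WriteFile", "path": r"C:\Users\user\AppData\Roaming\svc\svc.exe"},
    {"pid": 1000, "api": "WriteFile", "path": r"C:\Users\user\AppData\Roaming\svc\helper.dll"},
    {"pid": 1000, "api": "RegSetValueExW", "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "svc", "data": r"C:\Users\user\AppData\Roaming\svc\svc.exe"},
    {"pid": 1000, "api": "CreateProcessW", "image": r"C:\Users\user\AppData\Roaming\svc\svc.exe"},
    {"pid": 2000, "api": "LoadLibraryW", "path": r"C:\Users\user\AppData\Roaming\svc\helper.dll"},
]

if __name__ == "__main__":
    result = classify(SAMPLE_TRACE)
    for behaviour, evidence in result.items():
        print(behaviour)
        for item in evidence:
            print("   ", item)
    print("not reproduced:", missing_behaviours(result))
```

The matcher only credits "Executes dropped EXE" and "Loads dropped DLL" when the executed or loaded path was first written during the same trace, which is what distinguishes a dropped payload from the sample simply starting a pre-existing system binary. Registry reads are matched on the key path rather than on the API name alone, because the Geo and Uninstall lookups are ordinary reads that only become interesting because of where they point.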

MITRE ATT&CK Enterprise v15

Tasks