Overview

overview

10

Static

static

3

JaffaCakes...39.exe

windows7-x64

10

JaffaCakes...39.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_1a80877bde6810cc7e15cf9cc6563239

  • Size

    817KB

  • Sample

    250123-ycjhqs1jdx

  • MD5

    1a80877bde6810cc7e15cf9cc6563239

  • SHA1

    bb2856315ac448603486432c7e10031585b329f6

  • SHA256

    30da9c7d4127025aa823708bb1c694e9bcf561a95e3201f7599aa9b00e1aaab9

  • SHA512

    0054cf4fba0b6c19e3a9ba72d3fe87510308c97dcf207baf82dd33f39962aa151f68bb61f64974ab0e70cdfdf1afa461f470990028e7bbc4231f7bd831ff03f9

  • SSDEEP

    12288:NXcinjJ7M/X/2rS4aroc3bT566OhQykpMRjcrVpUsR9QW7yIgRKe92gDF3E0F3hR:RjJEX/2W4ar33khkpgjc5JTsPJEahE6

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      JaffaCakes118_1a80877bde6810cc7e15cf9cc6563239

    • Size

      817KB

    • MD5

      1a80877bde6810cc7e15cf9cc6563239

    • SHA1

      bb2856315ac448603486432c7e10031585b329f6

    • SHA256

      30da9c7d4127025aa823708bb1c694e9bcf561a95e3201f7599aa9b00e1aaab9

    • SHA512

      0054cf4fba0b6c19e3a9ba72d3fe87510308c97dcf207baf82dd33f39962aa151f68bb61f64974ab0e70cdfdf1afa461f470990028e7bbc4231f7bd831ff03f9

    • SSDEEP

      12288:NXcinjJ7M/X/2rS4aroc3bT566OhQykpMRjcrVpUsR9QW7yIgRKe92gDF3E0F3hR:RjJEX/2W4ar33khkpgjc5JTsPJEahE6

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax family

      ardamax

    • Ardamax main executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks