Overview

overview

10

Static

static

3

JaffaCakes...04.exe

windows7-x64

10

JaffaCakes...04.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_2059c65030633b3301b4b20f50e53204

  • Size

    525KB

  • Sample

    250124-l6c7lasrfz

  • MD5

    2059c65030633b3301b4b20f50e53204

  • SHA1

    8968aa3cf84576bc9510a643592575f44fcf183a

  • SHA256

    f40c7e82c800642a7c69b52f256afe2af65445848ff46a440fd1dd917760cc53

  • SHA512

    8b4c0a8d461e5496276a903cc076536f4d2a32385d0cdbcb26f9ecb3074659a7c6ea00b9337da4afdba16fd27a63fdc78ae1c64788d463a46c9d2aa40300d9a1

  • SSDEEP

    12288:VMtvBNNV4QsSE+lJnkOhcja2drTzdCbveXzaud+yslnQUhclp1QFROQuvCL6:GpBNa2luBXTzdCDyauUyslnQMGp0OQud

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      JaffaCakes118_2059c65030633b3301b4b20f50e53204

    • Size

      525KB

    • MD5

      2059c65030633b3301b4b20f50e53204

    • SHA1

      8968aa3cf84576bc9510a643592575f44fcf183a

    • SHA256

      f40c7e82c800642a7c69b52f256afe2af65445848ff46a440fd1dd917760cc53

    • SHA512

      8b4c0a8d461e5496276a903cc076536f4d2a32385d0cdbcb26f9ecb3074659a7c6ea00b9337da4afdba16fd27a63fdc78ae1c64788d463a46c9d2aa40300d9a1

    • SSDEEP

      12288:VMtvBNNV4QsSE+lJnkOhcja2drTzdCbveXzaud+yslnQUhclp1QFROQuvCL6:GpBNa2luBXTzdCDyauUyslnQMGp0OQud

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax family

      ardamax

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks