General
- Target: JaffaCakes118_2024c6043c006a706d17b8225823f488
- Size: 1.1MB
- Sample: 250124-lm3yxasjg1
- MD5: 2024c6043c006a706d17b8225823f488
- SHA1: f6e7b1b4dea19b647961041d70dd08858ef8eb71
- SHA256: 34797200cccc0cade8ee978bad1bc01180476575bc8793827eca3e75a8dd4fbf
- SHA512: 43c65b28f045246e51335ece9aa9fcdb025e6e032a5bc7f4686e4adea4eb960a5c6450f7fac04ea8f49a67cb0d742bafa437214c73839cf6fd4d8ee92d26b561
- SSDEEP: 24576:85tJwJq0FYtu+VEAruhBMGH+nNDQL+7gUbPL/6ms6ENc6p2TTIbg:QJ1tu+2A+MiSL1s6Ec6I3IE
Static task
- static1
Behavioral task
- behavioral1: Sro Pet Filter .exe (Resource: win7-20240903-en)
Behavioral task
- behavioral2: Sro Pet Filter .exe (Resource: win10v2004-20241007-en)
Malware Config
Targets
- Target: Sro Pet Filter .exe
- Size: 1.1MB
- MD5: 812a0b8c11d100bdf10cf06d7b2e7842
- SHA1: 43404bb678a9b83112c019355a33833f1cc76abd
- SHA256: c0a740688c19986853e92544d1b76e8e98f0c53da8e3aa37ccb89e559cae3bb4
- SHA512: e7c068e46d23487f97b1dbfa597aebb9e01cb20dc800ea1cbeb4239800dc8d07efb91a8ea86b269fc28d4731b51d525d5f0ea6143aa20d8c22f22173aa28fd0c
- SSDEEP: 24576:CS/6JDU1ruPvqcGEAXK9PASGuEsavOX9y+1Nwc9sQQsmH/:CS841rAvKK+tuEs9tyUgsmH/
- Ardamax family
- Ardamax main executable
- Event Triggered Execution: AppInit DLLs
  Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes. DLLs named in the AppInit_DLLs value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows are loaded into every user-mode process that maps user32.dll, so the code runs in the context of every interactive user. On Windows 8 and later the mechanism is ignored while Secure Boot is enabled, so a populated value only gives a working foothold on hosts where Secure Boot is off.
- Checks computer location settings
  Looks up the country code configured in the registry, most likely as a geofence so the sample does not run in certain regions.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  Writes a value under a Run key (HKLM or HKCU ...\Software\Microsoft\Windows\CurrentVersion\Run) so the application is started at logon.
- Checks installed software on the system
  Looks up entries under the Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, with its WOW6432Node and HKCU counterparts) to enumerate the software installed on the system.
- Drops file in System32 directory
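The report flags two registry persistence mechanisms, AppInit DLLs and Run keys. The PowerShell script below is an added triage example, not part of the sandbox report and not the sample's own code: it reads both locations on a live Windows host, hashes the files they point to, and marks any hit on the two SHA256 values listed above. It assumes an elevated PowerShell 5.1 or later session; the function names and the $KnownBad list are this example's own.

```powershell
# Added triage script, not from the sandbox report and not the sample's own code.
# Reviews the two persistence locations the report flags (AppInit_DLLs and the
# Run keys) on a live Windows host and marks hits on the report's SHA256 values.
# Assumes an elevated PowerShell 5.1+ session; registry paths are the standard ones.

# Hashes taken from the report above: the submitted file and the dropped executable.
$KnownBad = @(
    '34797200cccc0cade8ee978bad1bc01180476575bc8793827eca3e75a8dd4fbf',
    'c0a740688c19986853e92544d1b76e8e98f0c53da8e3aa37ccb89e559cae3bb4'
)

function Get-AppInitStatus {
    # AppInit_DLLs lives under "Windows NT\CurrentVersion\Windows"; the
    # WOW6432Node copy governs 32-bit processes on 64-bit Windows.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $p = Get-ItemProperty -Path $key
        [pscustomobject]@{
            Key                       = $key
            AppInit_DLLs              = $p.AppInit_DLLs
            LoadAppInit_DLLs          = $p.LoadAppInit_DLLs            # 1 = listed DLLs are loaded
            RequireSignedAppInit_DLLs = $p.RequireSignedAppInit_DLLs   # 1 = unsigned DLLs are refused
        }
    }
}

function Get-SecureBootNote {
    # Windows 8+ ignores AppInit_DLLs while Secure Boot is on, so a populated
    # value on such a host is a dormant foothold rather than running code.
    try {
        if (Confirm-SecureBootUEFI) { 'Secure Boot on: AppInit_DLLs entries are not loaded' }
        else { 'Secure Boot off: AppInit_DLLs entries load into every process that maps user32.dll' }
    } catch {
        'Secure Boot state unavailable (legacy BIOS boot or session not elevated)'
    }
}

function Get-RunKeyEntries {
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -like 'PS*') { continue }       # PSPath, PSParentPath, PSChildName, ...
            $cmd = [string]$props.$name
            # Take the executable from the command line. Quoted paths are exact;
            # an unquoted path with spaces is cut at the first space, which is
            # good enough for triage but not a full command-line parser.
            if ($cmd -match '^"([^"]+)"') { $exe = $Matches[1] } else { $exe = ($cmd -split ' ')[0] }
            $exe = [Environment]::ExpandEnvironmentVariables($exe)
            $hash = $null; $sig = $null
            if (Test-Path -LiteralPath $exe) {
                $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
                $sig  = (Get-AuthenticodeSignature -FilePath $exe).Status
            }
            [pscustomobject]@{
                Key          = $key
                Name         = $name
                Command      = $cmd
                SHA256       = $hash
                Signature    = $sig
                KnownBad     = [bool]($hash -and ($KnownBad -contains $hash.ToLower()))
                # Droppers usually persist out of user-writable directories.
                UserWritable = $exe -match '\\(AppData|Temp|ProgramData|Users\\Public)\\'
            }
        }
    }
}

Get-AppInitStatus | Format-List
Get-SecureBootNote
Get-RunKeyEntries | Format-Table -AutoSize
```

A Run key entry with KnownBad set, or an AppInit_DLLs value pointing at a file in a user-writable directory, is the concrete artifact to collect before remediation; an AppInit entry on a Secure Boot host is still worth removing even though it is not being loaded.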
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - AppInit DLLs (1)
Privilege Escalation
- Boot or Logon Autostart Execution (1)
  - Registry Run Keys / Startup Folder (1)
- Event Triggered Execution (1)
  - AppInit DLLs (1)