Overview

overview

10

Static

static

3

JaffaCakes...3c.exe

windows7-x64

10

JaffaCakes...3c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_28cbb7e46c3dd74d28bd1d5ab5e8f13c

  • Size

    163KB

  • Sample

    250125-gp6elaypgy

  • MD5

    28cbb7e46c3dd74d28bd1d5ab5e8f13c

  • SHA1

    abd90abca64a292d3e03309338a9445ba6cdf038

  • SHA256

    cf3527128db278098cca1a842226a7b771c8327b7950d73318b230c67770ce49

  • SHA512

    1e58732f645379674ec960a670a6175a64a26d65d16451389fc876d4a7073b7326f66477f998f2f419fe03ec815fe57893fc2fe8e8ba25e67c1bb60a0c7d7c9f

  • SSDEEP

    3072:hePNhrDJ1YtUwIAsrygS+CqK5wiUSzH1h39iM/mPS8U5KkOoVf:aNhrDJCCMcygjpKiQhh3gXPGVOg

Score
10/10
ardamaxdiscoverykeyloggerstealer

Malware Config

Targets

    • Target

      JaffaCakes118_28cbb7e46c3dd74d28bd1d5ab5e8f13c

    • Size

      163KB

    • MD5

      28cbb7e46c3dd74d28bd1d5ab5e8f13c

    • SHA1

      abd90abca64a292d3e03309338a9445ba6cdf038

    • SHA256

      cf3527128db278098cca1a842226a7b771c8327b7950d73318b230c67770ce49

    • SHA512

      1e58732f645379674ec960a670a6175a64a26d65d16451389fc876d4a7073b7326f66477f998f2f419fe03ec815fe57893fc2fe8e8ba25e67c1bb60a0c7d7c9f

    • SSDEEP

      3072:hePNhrDJ1YtUwIAsrygS+CqK5wiUSzH1h39iM/mPS8U5KkOoVf:aNhrDJCCMcygjpKiQhh3gXPGVOg

    Score
    10/10
    ardamaxdiscoverykeyloggerstealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax family

      ardamax

    • Ardamax main executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks