ardamax | ded1c934280294375d7b926773511e4d5e6c8dbb22b0dd25a80a6b0b3af065d3 | Triage

Sharing

General

Target

JaffaCakes118_324154483b20e6f67a3c1486e3fc7c6a
Size

472KB
Sample

250126-eb3enssmem
MD5

324154483b20e6f67a3c1486e3fc7c6a
SHA1

d6630eb1d8555b48413434b4a5d54c8de819cbf8
SHA256

ded1c934280294375d7b926773511e4d5e6c8dbb22b0dd25a80a6b0b3af065d3
SHA512

36349f7c53b9989eac63e8c91b7fb009a5a0dce934242ae5956a5e3d3764949a87296adeba81f3da96b5e035f3755b4dd75de2ffa211b7db296313c52f6d478b
SSDEEP

6144:2BIhglmCAIoqDeLEQhb98+iyvqUFIraPQbCV/cVxNFqQwBUXAb:+l6jEQhIqqUFINWbZb

Score

10^/10

ardamax discovery persistence

Malware Config

Targets

- Target
  
  JaffaCakes118_324154483b20e6f67a3c1486e3fc7c6a
- Size
  
  472KB
- MD5
  
  324154483b20e6f67a3c1486e3fc7c6a
- SHA1
  
  d6630eb1d8555b48413434b4a5d54c8de819cbf8
- SHA256
  
  ded1c934280294375d7b926773511e4d5e6c8dbb22b0dd25a80a6b0b3af065d3
- SHA512
  
  36349f7c53b9989eac63e8c91b7fb009a5a0dce934242ae5956a5e3d3764949a87296adeba81f3da96b5e035f3755b4dd75de2ffa211b7db296313c52f6d478b
- SSDEEP
  
  6144:2BIhglmCAIoqDeLEQhb98+iyvqUFIraPQbCV/cVxNFqQwBUXAb:+l6jEQhIqqUFINWbZb
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence

behavioral2

discoverypersistence