General

  • Target

    JaffaCakes118_3580f87fe087994c3fb1f52353e8e9bb

  • Size

    555KB

  • Sample

    250126-pqbkls1nex

  • MD5

    3580f87fe087994c3fb1f52353e8e9bb

  • SHA1

    b2b962df988b3cdeae1cd269a67d9ace46600efe

  • SHA256

    e4f51c8c20e4ce5304ec5e51b51743af1471bb99bd27ffd7581ae99d47d8416a

  • SHA512

    eb21b3a95075474b1095e10299a563b0f9e18e55a83b8e996e7874cb84f831e6e2fd6c844b45ddadfc6ac20734652a0082c94deae86bd0924b5495ac0e35ecfd

  • SSDEEP

    12288:MrPTRz+RidaaKbBEoUVSvVDyz1SQdLzt03nxaMQ:MDTgcaaKbBMAZI1SgUnxaX

Malware Config

Targets

    • Target

      JaffaCakes118_3580f87fe087994c3fb1f52353e8e9bb

    • Size

      555KB

    • MD5

      3580f87fe087994c3fb1f52353e8e9bb

    • SHA1

      b2b962df988b3cdeae1cd269a67d9ace46600efe

    • SHA256

      e4f51c8c20e4ce5304ec5e51b51743af1471bb99bd27ffd7581ae99d47d8416a

    • SHA512

      eb21b3a95075474b1095e10299a563b0f9e18e55a83b8e996e7874cb84f831e6e2fd6c844b45ddadfc6ac20734652a0082c94deae86bd0924b5495ac0e35ecfd

    • SSDEEP

      12288:MrPTRz+RidaaKbBEoUVSvVDyz1SQdLzt03nxaMQ:MDTgcaaKbBMAZI1SgUnxaX

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      is155016.exe

    • Size

      92KB

    • MD5

      cd5ca8c901b504506c16915ead6131f0

    • SHA1

      a49b2c83c00752c297579f32f4089555986a3e94

    • SHA256

      7095d5866f8378beffedf836e451cd0416d8342e39138d91bc3391d49f472e45

    • SHA512

      5ced517f81db55f0b3af70489efdb7a31898642b06a115c77651869383056253c4b179da6988ce3317a3f62584b99e7c84cf379a561667d1150b8feaa6a9f3e1

    • SSDEEP

      1536:HUqkw/OYBCDVZC6iaYXcnk737NZiaQ8EpIGkbzdW8hT/W0/V2hX9GD0a2pl/Iyi9:0OOYBCD1NkuvkbzIQW0/UX9Ay7zM

    Score
    3/10
    • Target

      setup_akl.exe

    • Size

      418KB

    • MD5

      f6699e0d27e915996f33ddf617c9bf6c

    • SHA1

      74d69a9449331b90e46ae01577b4714b1a35391a

    • SHA256

      e2dc1886ca386f8717079b28cd52c1843de737ee24f2e521972730b9a6503c1f

    • SHA512

      104451a409acf12db353259e86b00e40b079e657f2c456a9f339977cd0a972dc23af16d2f85da12b6728294560b3cf13afe380dafe1a87ba62c81ff72b127c54

    • SSDEEP

      12288:XDKLYe6zUbRrda8Kb9zoNVSbVhyzCe1PXcZgE:TKLuGJa8Kb9q+XI51PMZgE

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      14KB

    • MD5

      296a5f3179fa8d7a7a855eaf696ede44

    • SHA1

      57aa5b71553ed282dd22c768e039a187f5c13f63

    • SHA256

      ee0ad77e681c4d0fdf1d67df5f4ca03e6bdd8e3b05dfb47a83ad5c733ed62960

    • SHA512

      bc527d1485f468e8d098057e0e38e8cb7aa6eb64d4ca30927b99b1552a3177b132b989015ff95bdf2ca046bf11a54b4b456f51e024fbc734fbb548c3499e53f6

    • SSDEEP

      192:r6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTyK72dwF7dBdcQOz:r6JaVh4I5rpPbTy+BdhO

    Score
    3/10
    • Target

      AKV.exe

    • Size

      395KB

    • MD5

      b8fa30233794772b8b76b4b1d91c7321

    • SHA1

      0cf9561be2528944285e536f41d502be24c3aa87

    • SHA256

      14116fa79ccc105fabd312b4dff74933f8684c6b27db37e5e3a79d159092d29a

    • SHA512

      10ce8b18e7afb8c7e30bb90b0a1f199ef0b77873fa7a9efc596606e151be6b516c0ec6222a9032bdcc527e80964f53d20a28fa1881a08b4df303b2e28204549d

    • SSDEEP

      6144:qXXNW/g8zSQbXumJZwsP2IUPNF/GVx8MFC:+XbySQjuG/P2bd

    Score
    3/10
    • Target

      HTV.003

    • Size

      4KB

    • MD5

      c3679c3ff636d1a6b8c65323540da371

    • SHA1

      d184758721a426467b687bec2a4acc80fe44c6f8

    • SHA256

      d4eba51c616b439a8819218bddf9a6fa257d55c9f04cf81441cc99cc945ad3eb

    • SHA512

      494a0a32eef4392ecb54df6e1da7d93183473c4e45f4ac4bd6ec3b0ed8c85c58303a0d36edec41420d05ff624195f08791b6b7e018419a3251b7e71ec9b730e7

    Score
    3/10
    • Target

      HTV.004

    • Size

      14KB

    • MD5

      bda4860df26a5882b42b6b861376199d

    • SHA1

      8437ec07c9bc3001756ae0cb214b99e1e8a53fdb

    • SHA256

      9ed69f6ee86a7fca1f3ef7801d08b38d9e82ab649e6169e894e48ce85b43dc30

    • SHA512

      484f45aaacdb4be03752df49c337c7596d539ee0442412083fcfeea78e1c485caf1fbb25cf8a749611358e3a895232f8d0c61c91545d98a3f2a3e1aa504859c6

    • SSDEEP

      384:qq/qih/MPPlOXAd4hIcWpXTxzE+w0TN99EuK:qq/qih/jG45O5FTNLER

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      HTV.006

    • Size

      8KB

    • MD5

      43f02e9974b1477c1e6388882f233db0

    • SHA1

      f3e27b231193f8d5b2e1b09d05ae3a62795cf339

    • SHA256

      3c9e56e51d5a7a1b9aefe853c12a98bf246039aa46db94227ea128f6331782ba

    • SHA512

      e22d14735606fe75ee5e55204807c3f5531d3e0c4f63aa4a3b2d4bb6abda6128c7e2816753f2e64400ac6dae8f8ef1e013a7a464dff2a79ad9937c48821a067f

    • SSDEEP

      96:6ynh3GtCJk7eZjXOoP/YYfR+cwXofW1oEIYoWkQrWyHe1e2mIXT6pDw9:H3Ggk0+oP/YY50tI1WkQRoeyD6pU9

    Score
    3/10
    • Target

      HTV.007

    • Size

      5KB

    • MD5

      b5a87d630436f958c6e1d82d15f98f96

    • SHA1

      d3ff5e92198d4df0f98a918071aca53550bf1cff

    • SHA256

      a895ad4d23e8b2c2dc552092f645ca309e62c36d4721ebfe7afd2eee7765d4b2

    • SHA512

      fd7bae85a86bdaa12fec826d1d38728a90e2037cb3182ad7652d8a9f54c4b322734c587b62221e6f907fce24fcf2e0ae4cce1f5e3d8861661064b4da24bd87ce

    • SSDEEP

      48:6gklbZREoW0EE/KD4tJaKz5/aSbRsEJZAECi1cBaVM+kHbDouE:6gSoDidaeJGECiRQHbDoz

    Score
    3/10
    • Target

      HTV.chm

    • Size

      33KB

    • MD5

      0195038e7af8da97742eb0188204c3bf

    • SHA1

      b8c089c701ab283fa5aa921270b317c07cbee2c7

    • SHA256

      fc14326e0719e0a59ba8fbb6763f2cc41b47d59ef177c90dc3535cd3a38720b9

    • SHA512

      938c3a59895d861eb67a56f365fd387b122d42ff7bb52e5014faa738150d1eed2cd4a52b231ff70f1184fd7e3f0eb991096813b9933e574a7b4383f768384b04

    • SSDEEP

      768:4pfTcCfTSjb0O+TJPHjnKFZi4LHnX1OsFmncv6NpP2UT:4pfTcCfTcg1eXJjmncv6NpPV

    Score
    1/10
    • Target

      HTV.exe

    • Size

      473KB

    • MD5

      17535dddecf8cb1efdba1f1952126547

    • SHA1

      a862a9a3eb6c201751be1038537522a5281ea6cb

    • SHA256

      1a3d28ac6359e58aa656f4734f9f36b6c09badadcf9fb900b9b118d90c38a9dd

    • SHA512

      b4f31b552ab3bb3dafa365aa7a31f58674ae7ee82ce1d23457f2e7047431430b00abb3b5498491725639daf583b526b278a737168cfdc4e9ec796dfbc14a53d8

    • SSDEEP

      6144:gP/HgQr8z0psVGBJbsvUIvpBSkULIMxEIvs/IV2JN4Xd8Ab:0gQNIGBJ/igkUYItFb

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Uninstall.exe

    • Size

      43KB

    • MD5

      916ced19a86ac3006f26ea60719dd648

    • SHA1

      68278a4c3d5202fff273844d8e4b488fc1daddcd

    • SHA256

      3dc70f9fc553517666be9008ebcfab2b044ff711036d49e40144e0dd97910734

    • SHA512

      9c08cbca52a17f810f3892d66a72ff37c3af5a60ebe34f56e3937c933e265ae0e4207410f7778434cb203a76e36dc62df09a08f3b3f4338d35b44d5c5bc8bb28

    • SSDEEP

      768:dsXaaLGrI0+zMwduCWgNzkkRriqskbELjlF58e1mJDGlsCxKOeRTBAzXw3x7q:dxGGrf+wMRVrkxmJ9CxMAbcxe

    Score
    7/10
    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      qs.html

    • Size

      1KB

    • MD5

      40d00fa24b9cc44fbf2d724842808473

    • SHA1

      c0852aa2fb916c051652a8b2142ffb9d8c7ac87a

    • SHA256

      35b0f1bb808e1623ad534fbc1e72cea25ac28f71340e9c543f01d1bfdd094035

    • SHA512

      9eb750e08ca9750988290626ae8ed32a2ecfa7c8ca021b3e26b3da0a94de952b991a9a6a0ad5729d7d5ccf7b3b36fb36fd24047f705d0468ad04908ba8a7154c

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks

static1

ardamax
Score
10/10

behavioral1

ardamax, discovery, keylogger, persistence, stealer
Score
10/10

behavioral2

ardamax, discovery, keylogger, persistence, stealer
Score
10/10

behavioral3

discovery
Score
3/10

behavioral4

discovery
Score
3/10

behavioral5

ardamax, discovery, keylogger, persistence, stealer
Score
10/10

behavioral6

ardamax, discovery, keylogger, persistence, stealer
Score
10/10

behavioral7

discovery
Score
3/10

behavioral8

discovery
Score
3/10

behavioral9

discovery
Score
3/10

behavioral10

discovery
Score
3/10

behavioral11

discovery
Score
3/10

behavioral12

discovery
Score
3/10

behavioral13

discovery, persistence
Score
6/10

behavioral14

discovery, persistence
Score
6/10

behavioral15

discovery
Score
3/10

behavioral16

discovery
Score
3/10

behavioral17

discovery
Score
3/10

behavioral18

discovery
Score
3/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

discovery, persistence
Score
6/10

behavioral22

discovery, persistence
Score
6/10

behavioral23

discovery
Score
7/10

behavioral24

discovery
Score
7/10

behavioral25

discovery
Score
3/10

behavioral26

discovery
Score
3/10