General

  • Target

    JaffaCakes118_4f9b74a1fca3ab8687b889c84dcae26a

  • Size

    544KB

  • Sample

    250128-1k6pcaskhx

  • MD5

    4f9b74a1fca3ab8687b889c84dcae26a

  • SHA1

    f16be9c4dd966593fae55b76d29fb7514e40b3c2

  • SHA256

    fd7c5e08474e789d2185bb852021f56021b86efc31a138a6453de66f3604168c

  • SHA512

    1fa2f56fbe98dc5e8a368c7cfea833154a5862f7235f6f2ba8ba981f0cf2dee8a3925dc7987d835dad7fa28e78022aed5b2a11f63c22a5dc4c65fcb5a5dd19aa

  • SSDEEP

    12288:1YtoJgkcWMT+ffOHQglazHHOmVo0uOcNys8hy0InNHiFh6:qt3nWMSWHQglzeo0uDgzhgBiD6

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks