General

  • Target

    JaffaCakes118_4b651b1962a3b6bc23c039c8fe791819

  • Size

    934KB

  • Sample

    250128-qrc1hasqfk

  • MD5

    4b651b1962a3b6bc23c039c8fe791819

  • SHA1

    64e225d0a752db97f0e9ee6079324057b1c0c021

  • SHA256

    62e6c913904f5d14298479db851c04a4579fc2a784a9f4216b74f55f7035edb6

  • SHA512

    fd10dcb4db7888318e41b9345ce8f7f52c0fb75666586119cf979316bf3629c0c32a365450dea4c5023f676895697e4636603105a35fcf1c3285dc9de0a3b703

  • SSDEEP

    24576:b64MVTWZrWbdAngt1xoUX3Np6aZN0nfNIk1vk4ifk7xCKp5:b64MTymMjaQfNV5k4iW4Kp

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks