Overview

overview

10

Static

static

3

JaffaCakes...95.exe

windows7-x64

10

JaffaCakes...95.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_5a166cf185b764b0929b786dd9908e95

  • Size

    1.6MB

  • Sample

    250129-w9fr1avmbr

  • MD5

    5a166cf185b764b0929b786dd9908e95

  • SHA1

    ae388f30b6697a89d7f4943bbf7453ea5755b144

  • SHA256

    a7ce82733252232b6927fbc53c61a85abe3da08584acad38dc586a716004c879

  • SHA512

    5fb6d255e7860f2a2479cb3c8929b413fe3e25492157aa9592c2589834a3f6b57abe676b6e6b04d81e641d87c2a74228bd34fa60b52dbacfa163ae7968ef6b34

  • SSDEEP

    49152:CEdx0rCxL5m8ogpfIeno4HK133jWcxwO6U6TKOMSi7hC:/QGzbpfru9SU6TlMl7hC

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      JaffaCakes118_5a166cf185b764b0929b786dd9908e95

    • Size

      1.6MB

    • MD5

      5a166cf185b764b0929b786dd9908e95

    • SHA1

      ae388f30b6697a89d7f4943bbf7453ea5755b144

    • SHA256

      a7ce82733252232b6927fbc53c61a85abe3da08584acad38dc586a716004c879

    • SHA512

      5fb6d255e7860f2a2479cb3c8929b413fe3e25492157aa9592c2589834a3f6b57abe676b6e6b04d81e641d87c2a74228bd34fa60b52dbacfa163ae7968ef6b34

    • SSDEEP

      49152:CEdx0rCxL5m8ogpfIeno4HK133jWcxwO6U6TKOMSi7hC:/QGzbpfru9SU6TlMl7hC

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax family

      ardamax

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks