General

  • Target

    JaffaCakes118_7689cfe186b8b43b5ac237f0d7ae3d13

  • Size

    505KB

  • Sample

    250201-2zz1sawmgk

  • MD5

    7689cfe186b8b43b5ac237f0d7ae3d13

  • SHA1

    acf50b85df3c5ffe0be95c98458f19f413c53cb0

  • SHA256

    78c94b57ea5e7dbf7c47bf19e7248d828a0669255dd2019cdf155d89b790d348

  • SHA512

    6ce6061fd49e95da868bc0af8f763d66c20e365ed8f6cb1c91b5e58ea1aff57a98aafdd6147801758a8a3033b0f14a62ab27c3731830263c12fe16fda74dd468

  • SSDEEP

    12288:OkKYVhaKByn4nfa+/EktpwsELreoOyyM/beuU:sY2KBy4y+/VpwZddy2qR

Malware Config

Targets

    • Target

      JaffaCakes118_7689cfe186b8b43b5ac237f0d7ae3d13

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks