General

  • Target

    JaffaCakes118_7d60dcadd3439fc0264e4c9205caf32e

  • Size

    555KB

  • Sample

    250202-qytxlawlgj

  • MD5

    7d60dcadd3439fc0264e4c9205caf32e

  • SHA1

    b27e196cf29294e8d81418d92727bea307ea87ce

  • SHA256

    e9906a0dc26e94aac43fa0edd9ec09c3945c88bc64f38ca53f082c9bdfbaf81d

  • SHA512

    efebc27c5824d16be553dd3be443bf2e71756af3bba9573fb37c8698f64a63f8d7becfa37819b705545e187d892d4882309601b6b054d13ecbb8146e0ace5580

  • SSDEEP

    12288:UCes1bskcWGTsE16JNCLnPnpAXboRMZmIw:Fes1bsnWGoE16fCLnPnpAXboiZmIw

Malware Config

Targets

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks