General

  • Target

    JaffaCakes118_84ad097cada27deef4530c36e66aae39

  • Size

    481KB

  • Sample

    250203-fhlwyasnhk

  • MD5

    84ad097cada27deef4530c36e66aae39

  • SHA1

    4a4bbe7fbd2a5808f84b8fdace509bf3e4029745

  • SHA256

    7e1d084287a6b4b464650f8f82ea35ad552f192bbe7d90c3b9423237e2d3814b

  • SHA512

    56813290bbb3206a4974e8491e7780e1422bb4e6aae0b4b4f231bfd4d2841249f4ede9e43adacffb04450b5cd7cfebc228c1e82fa732f94328c15e95ad0fd453

  • SSDEEP

    12288:klN33T0G/5eEPOr9Oqjtz738T0VTZL+C4jlYOfj1t/jB:6TZ5eEPOr9OqZzgT0VTx+CU7vLB

Targets

    • Target

      JaffaCakes118_84ad097cada27deef4530c36e66aae39

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution (refuse to run, or behave differently, in certain regions).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates installed software by reading the Uninstall key entries in the registry, a step commonly used to spot security products or analysis tools.

    • Drops file in System32 directory
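
The behavioural signatures above (location check, Uninstall-key enumeration, Run-key persistence, System32 drop, and the stateful "executes dropped EXE" / "loads dropped DLL") can be reproduced over an API trace. The script below is an added example, not part of the Triage report or of any Ardamax analysis tooling; the trace records are constructed, and the record shape, process IDs, the ABCD file names and the Geo\Nation key are assumptions (the report only says "country code configured in the registry").

```python
"""Map a constructed sandbox API trace onto the behavioural signatures listed
above. Added example, not part of the Triage report or of any Ardamax analysis
tooling; record shapes, process IDs, paths and the ABCD names are assumed."""
import re
from collections import defaultdict

# Constructed trace records: (actor pid, event kind, path). This is not real
# sandbox output; it is shaped to exercise each signature once, plus one benign
# image load that must not match.
TRACE = [
    (1000, "file_create",    r"C:\Users\victim\AppData\Roaming\ABCD\ABCD.exe"),
    (1000, "file_create",    r"C:\Users\victim\AppData\Roaming\ABCD\ABCD.001"),
    (1000, "process_create", r"C:\Users\victim\AppData\Roaming\ABCD\ABCD.exe"),
    (1001, "reg_query",      r"HKCU\Control Panel\International\Geo\Nation"),
    (1001, "reg_query",      r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp\DisplayName"),
    (1001, "file_create",    r"C:\Windows\System32\ABCD.dll"),
    (1001, "image_load",     r"C:\Windows\System32\ABCD.dll"),
    (1001, "reg_set",        r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ABCD"),
    (1001, "image_load",     r"C:\Windows\System32\kernel32.dll"),
]

# Signatures that match a single record: (event kind, path pattern).
# The Geo\Nation key is an assumption about where the country code is read.
SINGLE_RECORD = {
    "Checks computer location settings":
        ("reg_query", re.compile(r"\\Control Panel\\International\\Geo\\", re.I)),
    "Checks installed software on the system":
        ("reg_query", re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)),
    "Adds Run key to start application":
        ("reg_set", re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.I)),
    "Drops file in System32 directory":
        ("file_create", re.compile(r"^[A-Z]:\\Windows\\System32\\", re.I)),
}


def triage(trace):
    """Return {signature name: [matching paths]} for a trace of (pid, kind, path).

    "Executes dropped EXE" and "Loads dropped DLL" are stateful: they fire only
    when the executed/loaded path was created earlier in the same trace, so a
    load of a pre-existing system DLL does not count.
    """
    findings = defaultdict(list)
    dropped = set()                      # lower-cased paths written during the run
    for _pid, kind, path in trace:
        norm = path.lower()              # NTFS paths are case-insensitive
        if kind == "file_create":
            dropped.add(norm)
        for name, (want_kind, pattern) in SINGLE_RECORD.items():
            if kind == want_kind and pattern.search(path):
                findings[name].append(path)
        if kind == "process_create" and norm in dropped:
            findings["Executes dropped EXE"].append(path)
        if kind == "image_load" and norm in dropped:
            findings["Loads dropped DLL"].append(path)
    return dict(findings)


if __name__ == "__main__":
    for name, paths in sorted(triage(TRACE).items()):
        print(f"{name}:")
        for p in paths:
            print(f"    {p}")
```

Two caveats when porting this to a real host. The "Ardamax", "Ardamax family" and "Ardamax main executable" entries are static family matches on the file itself and cannot be recovered from a trace. And the two "Checks ..." signatures depend on registry reads, which Sysmon does not log (it records value set, create, delete and rename only), so they need API-level tracing from a sandbox or ETW rather than Sysmon registry events.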
