General

  • Target

    JaffaCakes118_aa3b6f93127cef80c8a6263156aa253f

  • Size

    1023KB

  • Sample

    250206-mqyzssvjbl

  • MD5

    aa3b6f93127cef80c8a6263156aa253f

  • SHA1

    ddc5d38de0b2ff6661894cd7226c265c1a49eea9

  • SHA256

    a98decf0febd1dd8f5f11da1a3beebead573ff70ca168203e5714388529d9a32

  • SHA512

    c852c3a00d5370ae9f9fd631bb5ff2e0c52456ae55ad19e1cdffab4b40cc8809d658f3f562275f31e49c19bc4eda7b3cfbb959c8e98ea3908aa5366fd876adea

  • SSDEEP

    24576:LbPTNNGRWmlgU4LB4g2dyzvRBwQS/g2gB7hddPw2y:L7TNsR3GLmHdip7S/DgB7O2

Malware Config

Targets

    • Target

      JaffaCakes118_aa3b6f93127cef80c8a6263156aa253f

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks