General

  • Target

    JaffaCakes118_c69a4d5254922580b97027536e71354f

  • Size

    417KB

  • Sample

    250208-x8fw2szlbt

  • MD5

    c69a4d5254922580b97027536e71354f

  • SHA1

    65af75ea166bfeb08774967e4aa61dc1810e90f2

  • SHA256

    dd95ff1cd98b08e9c099e668053ce125c5feed1820d8e1b1f03b422010417b00

  • SHA512

    c86b4bc19816f700c4ba01521b227b5651c1dd93960dce1902b1cb6aca668ff71cf88a33ae22cfeb47020d87398cdc18e6563b78a6cfd922f71b8f48c7a5fcbf

  • SSDEEP

    6144:j8PoYDUEeS6nca0WPwduwuh/u/mZpZg0a6itWkJZpVpBpeFTBjzP0UPQ4KNICn8e:3YUS2hVEuXwb6iI2lDpeFtzP0riCCg
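
The hash set above is only useful when it is applied consistently. The Python below is an added example, not part of the sandbox report or of the sample: it copies the MD5, SHA1 and SHA256 values and the SSDEEP signature from this report into a small IOC table, sanity-checks the table (digest length, hex alphabet, the `blocksize:hash:hash` shape of ssdeep), hashes a file in one pass with all four algorithms, and distinguishes full matches from partial ones (one algorithm agrees, another listed for the same entry does not), which indicate a damaged feed rather than a clean hit. The file it scans is a constructed placeholder written to a temp directory; it is not the sample, and the function and variable names are this example's own.

```python
"""Match files against the hash IOCs in this report (added example)."""
import hashlib
import io
import os
import re
import tempfile

# Values copied from the report above; only the report's own digests appear here.
IOCS = {
    "JaffaCakes118_c69a4d5254922580b97027536e71354f": {
        "md5": "c69a4d5254922580b97027536e71354f",
        "sha1": "65af75ea166bfeb08774967e4aa61dc1810e90f2",
        "sha256": "dd95ff1cd98b08e9c099e668053ce125c5feed1820d8e1b1f03b422010417b00",
        "ssdeep": "6144:j8PoYDUEeS6nca0WPwduwuh/u/mZpZg0a6itWkJZpVpBpeFTBjzP0UPQ4KNICn8e:3YUS2hVEuXwb6iI2lDpeFtzP0riCCg",
    },
    "AKV.exe": {
        "md5": "24781fcca21b8baca869cf2307d7f9f4",
        "sha1": "148ed81fc561c9547ce4203926bf742162b177dd",
        "sha256": "0e0aa9ae7d0ff11c8757768527ca3ae61f56d51cb645e88421d4905db14c5032",
    },
    "HTV.exe": {
        "md5": "3c06bbc025b61d2182ef5573f2852bda",
        "sha1": "ebc1464c00b13fb5b3f80a59c80b595020e1fe7c",
        "sha256": "e7f64e7215284cdeb8ef1eba28733f7aeae7f6977f82809d8de1e76a2e249085",
    },
    "Uninstall.exe": {
        "md5": "83cac9da65204dca68d957c5731a7059",
        "sha1": "0291f20c8144494e9eb06b818bed447afee91f09",
        "sha256": "9704a03d01c430189525b18b519d77337e230ccd09ca37d2ee1a25a38f5cec0f",
    },
}

HEX_LENGTHS = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# ssdeep signature: decimal block size, then two base64 hash parts.
SSDEEP_RE = re.compile(r"^(\d+):([A-Za-z0-9+/]+):([A-Za-z0-9+/]*)$")


def validate_ioc_table(iocs):
    """Return a list of problems (wrong length, non-hex, malformed ssdeep).
    Catches copy-paste damage before the table goes into a detection feed."""
    problems = []
    for name, entry in iocs.items():
        for algo, value in entry.items():
            if algo == "ssdeep":
                if not SSDEEP_RE.match(value):
                    problems.append(f"{name}: malformed ssdeep {value!r}")
            elif algo not in HEX_LENGTHS:
                problems.append(f"{name}: unknown algorithm {algo}")
            elif len(value) != HEX_LENGTHS[algo] or not re.fullmatch(r"[0-9a-f]+", value):
                problems.append(f"{name}: bad {algo} digest {value!r}")
    return problems


def parse_ssdeep(sig):
    """Split 'blocksize:hash1:hash2'. hash2 is computed at twice the block size, so two
    signatures are only comparable when their block sizes are equal or differ by 2x."""
    m = SSDEEP_RE.match(sig)
    if not m:
        raise ValueError(f"not an ssdeep signature: {sig!r}")
    return int(m.group(1)), m.group(2), m.group(3)


def digest_stream(fh, chunk=1 << 20):
    """Compute all four digests in a single pass over a binary stream."""
    hashers = {a: hashlib.new(a) for a in HEX_LENGTHS}
    for block in iter(lambda: fh.read(chunk), b""):
        for h in hashers.values():
            h.update(block)
    return {a: h.hexdigest() for a, h in hashers.items()}


def hash_bytes(data):
    return digest_stream(io.BytesIO(data))


def hash_file(path):
    with open(path, "rb") as fh:
        return digest_stream(fh)


def match_digests(digests, iocs):
    """Return (full_matches, partial_matches). A partial match means one algorithm
    agrees with an entry while another listed algorithm disagrees: a typo in the
    feed or a deliberate collision, to be investigated rather than counted as a hit."""
    full, partial = [], []
    for name, entry in iocs.items():
        compared = {a: digests.get(a) == v for a, v in entry.items() if a in digests}
        if compared and all(compared.values()):
            full.append(name)
        elif any(compared.values()):
            partial.append((name, sorted(a for a, ok in compared.items() if ok)))
    return full, partial


def scan_constructed_sample():
    """Hash a constructed placeholder file (not the real sample) and match it."""
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"MZ" + b"\x00" * 62 + b"constructed placeholder, not the sample")
        path = tmp.name
    try:
        return match_digests(hash_file(path), IOCS)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print("table problems:", validate_ioc_table(IOCS))
    print("placeholder file matches:", scan_constructed_sample())
```

Point `hash_file` at a suspect file and pass the result to `match_digests`; a non-empty second list is the case to look at first, because a feed that disagrees with itself will also produce false negatives elsewhere.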

Targets

    • Target

      JaffaCakes118_c69a4d5254922580b97027536e71354f

    • Size

      417KB

    • MD5

      c69a4d5254922580b97027536e71354f

    • SHA1

      65af75ea166bfeb08774967e4aa61dc1810e90f2

    • SHA256

      dd95ff1cd98b08e9c099e668053ce125c5feed1820d8e1b1f03b422010417b00

    • SHA512

      c86b4bc19816f700c4ba01521b227b5651c1dd93960dce1902b1cb6aca668ff71cf88a33ae22cfeb47020d87398cdc18e6563b78a6cfd922f71b8f48c7a5fcbf

    • SSDEEP

      6144:j8PoYDUEeS6nca0WPwduwuh/u/mZpZg0a6itWkJZpVpBpeFTBjzP0UPQ4KNICn8e:3YUS2hVEuXwb6iI2lDpeFtzP0riCCg

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      $PLUGINSDIR/InstallOptions.dll

    • Size

      12KB

    • MD5

      b3ebe1cb6bdd529302c121dd4e2e0d00

    • SHA1

      305f022e7e3ef0ae6cdc5f18bd6adc3032f64304

    • SHA256

      5a1696f9892567b3339faf2bf4df5eb1d2d886c49807529028b65f0f493e79b2

    • SHA512

      6f6ea4aec1588bb6f7ab4f8422942ac0acbddb8b916af2ead039b434bec6db4d0bf64deb3b8d6cc33666cabd70024a1208411ab6e0ee10bcf98c47951f8d359a

    • SSDEEP

      384:7Klm7i+c3QW6ckPhyDEaLnu2bbBBIXwZ:mqi8BcyhEhLjbbTI

    • Score

      3/10

    • Target

      AKV.exe

    • Size

      393KB

    • MD5

      24781fcca21b8baca869cf2307d7f9f4

    • SHA1

      148ed81fc561c9547ce4203926bf742162b177dd

    • SHA256

      0e0aa9ae7d0ff11c8757768527ca3ae61f56d51cb645e88421d4905db14c5032

    • SHA512

      e2769dc1194a909c9a9fc42faefc5c67c94297eded8cd95c8b4de5f1b5666ddbfd14fb5fdff0811c2840c6e318ff60b80693eaa78be3f7904887aa2122ae5b5a

    • SSDEEP

      6144:AYY6xNCOjjMe7iGXmdbbfQ0aRzhOSZ29tns/5VENfS+O:LJoe7iGkffsRdOSYtg

    • Score

      8/10

    • Downloads MZ/PE file

    • Target

      HTV.003

    • Size

      4KB

    • MD5

      d9e02f226fc338d14df200ba9a700625

    • SHA1

      414f134a16a309b31e418ed9e08c0c48aaf6e2bc

    • SHA256

      8165757efb79acceb9fd0bfae6b2c19b8f087cc0461abb17941d460dbdf2e260

    • SHA512

      13c73381602fe2593312d41ab4bc5cd5f922ac651f9e71e3fe3c58e7f0c5c73ecc9d79d61ec46f33a0a81cf73373421eeb510bd99650c0f53af30974ed61b8ca

    • Score

      8/10

    • Downloads MZ/PE file

    • Target

      HTV.004

    • Size

      14KB

    • MD5

      661aab4571bea11f40a403b154d6dba8

    • SHA1

      731266406f6458c99bc8c1a9b3d3b7eb0d0eac6f

    • SHA256

      580e5897b0cd5ec956020f2d482dc953b57817bc83b2dfac72574e1e33c18412

    • SHA512

      b3cf1713f972839afded4b9760b615821d237d6fbab4b6215e5dc6aa964544f1d16ef9dc08f8d58e369cd91f56b3a6e06b15587b1ece4c680f3b2f98f6c2879d

    • SSDEEP

      384:ItkaCh/Mg3dy/AdMNscqXXTB4EKS40TN99AOK:okaCh/UGMJTNWTNLAx

    • Downloads MZ/PE file

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      HTV.006

    • Size

      7KB

    • MD5

      32dd7b4bc8b6f290b0ece3cc1c011c96

    • SHA1

      b979683868b399c6a6204ebaed9fc9c784a0429a

    • SHA256

      6dcce9bbba5c2de47eea3abf7597a9c4fb2e4d358efc3752fa65c169cccfa2a1

    • SHA512

      9e0d720799fe816f7d09c8a722b762203b6f12a8625c1c93cd640219ecc35969bd641b4d9e6dc04ab6f95ceb73235a438eb7d48ee9402118db3618b5760551ea

    • SSDEEP

      96:605h3mtCUYixcZQDXQHTcXXCYTJ+cwMswHO1yWCj0GMRZQfHY2mIXT6pDM05px:j3mPYkpAH4XyY1chCCRZY4yD6po05px

    • Score

      8/10

    • Downloads MZ/PE file

    • Target

      HTV.007

    • Size

      5KB

    • MD5

      e8155b68775ed29590e14df80fdc0e9f

    • SHA1

      ed449da02e648a524004c265f3c37496d2f07f1f

    • SHA256

      b39ba894b0a9a3201461ddd9ee9b297928e793dff221a47f019e75c11df631f3

    • SHA512

      b14e00c46cf9bed0aca0f85775f624ff064f2d2afe1fa68b61bee5729db73cf9a8eced669c52d7cbb9504ff1b369a9a16a0f36c71a70c13c0bd1eaf5e07ccc11

    • SSDEEP

      48:6gklb8swUQEEiD4rAK2zlN030JddCyX35IECi1cBaVM+kHus:6gSXDE+N034dnn+ECiRQHus

    • Score

      8/10

    • Downloads MZ/PE file

    • Target

      HTV.chm

    • Size

      33KB

    • MD5

      14d48e19bff3bfc93a44a4af777fa8a7

    • SHA1

      ccb4ef17fef63576f484618ccda0764928338b22

    • SHA256

      c485d51d0bb639d7bfdfb447337171af13cff1ad9c3e344e55395a7c17e1e1c1

    • SHA512

      11d4e09364b4e496e93b760708f1a403c3a39016d79e801cfb78e1adcf53dfac8ac6e7187d9faa6c4baf5bc008cbc2e8c56e636d8a8fc41bd90543f78f33238d

    • SSDEEP

      768:V3fccCfTSjb0O+TJPHjnKFZi4LHnX1OuYtWWkf2Ni76:V3fccCfTcg1eXJjAkmU6

    • Score

      8/10

    • Downloads MZ/PE file

    • Target

      HTV.exe

    • Size

      471KB

    • MD5

      3c06bbc025b61d2182ef5573f2852bda

    • SHA1

      ebc1464c00b13fb5b3f80a59c80b595020e1fe7c

    • SHA256

      e7f64e7215284cdeb8ef1eba28733f7aeae7f6977f82809d8de1e76a2e249085

    • SHA512

      9d839ada211b85fc1efb1fe7bb3ce66fcf0e8069221d958234649c2ac5dc0f1bd06f1a016f9c727077af36fb46cac5409be9c8a8201d17f689c6b473aa01acdc

    • SSDEEP

      6144:zKUPSpAj+eoCqNZ+EI2vGbABvu7sOFCKK8vPntd/2VqNGu9c8Ab:Suj++EpvGyJOFCAgb

    • Downloads MZ/PE file

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Uninstall.exe

    • Size

      44KB

    • MD5

      83cac9da65204dca68d957c5731a7059

    • SHA1

      0291f20c8144494e9eb06b818bed447afee91f09

    • SHA256

      9704a03d01c430189525b18b519d77337e230ccd09ca37d2ee1a25a38f5cec0f

    • SHA512

      4be4fc5cfd21ba4affff87ca1698ba63a62a2d899538ba6034e71a2451d63f545b4e29f8fd5875e0339f97eca360b46fac85d7ca26c7e37a8ea4b3ca65457673

    • SSDEEP

      768:2QSYaefDRwYxmDTR9RAdJF4cZqF86eWkJ6ls5PyXbNOEF5M8awPPw:jjae1wYxmBBoskJt5REF5M8awPPw

    • Score

      8/10

    • Downloads MZ/PE file

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Target

      qs.html

    • Size

      1KB

    • MD5

      40d00fa24b9cc44fbf2d724842808473

    • SHA1

      c0852aa2fb916c051652a8b2142ffb9d8c7ac87a

    • SHA256

      35b0f1bb808e1623ad534fbc1e72cea25ac28f71340e9c543f01d1bfdd094035

    • SHA512

      9eb750e08ca9750988290626ae8ed32a2ecfa7c8ca021b3e26b3da0a94de952b991a9a6a0ad5729d7d5ccf7b3b36fb36fd24047f705d0468ad04908ba8a7154c

    • Score

      8/10

    • Downloads MZ/PE file
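
The two registry behaviours reported for the dropped executables, writing a Run key and walking the Uninstall subkeys, are the ones a SOC can detect without a signature for the family. The Python below is an added example, not the sandbox's logic or the sample's code: it runs two rules over constructed registry-audit events in a simplified schema (time, pid, image, op, key, data). The Run and Uninstall key paths are real Windows locations; the process paths, PIDs, timestamps, Uninstall subkey names, thresholds and the trusted-location policy are assumptions, and HTV.exe is placed under an assumed AppData path only because the report names that file.

```python
"""Two detection rules for the registry behaviours listed above (added example)."""
import re

# Real Windows locations: autorun values and the per-product uninstall entries.
RUN_KEY_RE = re.compile(r"\\currentversion\\run(once)?(\\|$)")
UNINSTALL_RE = re.compile(r"\\currentversion\\uninstall\\([^\\]+)")

# Assumed policy: installers write autoruns from these locations. A writer elsewhere,
# or an autorun target inside a user-writable directory, is suspicious.
TRUSTED_IMAGE_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\")


def _event(time, pid, image, op, key, data=None):
    return {"time": time, "pid": pid, "image": image, "op": op, "key": key, "data": data}


HTV_IMAGE = r"C:\Users\victim\AppData\Roaming\HTV\HTV.exe"  # assumed drop path
MSIEXEC = r"C:\Windows\System32\msiexec.exe"
UNINSTALL_HIVE = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"

# Constructed events: a trusted installer checks one uninstall entry and registers an
# autorun in Program Files; then HTV.exe sweeps the whole hive and installs itself.
EVENTS = (
    [_event(0.0, 1200, MSIEXEC, "QueryValue", UNINSTALL_HIVE + r"\{ABC}\DisplayName")]
    + [_event(5.0 + 0.1 * i, 3344, HTV_IMAGE, "EnumerateKey", UNINSTALL_HIVE + r"\Entry" + str(i))
       for i in range(12)]
    + [_event(6.5, 3344, HTV_IMAGE, "SetValue",
              r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HTV", HTV_IMAGE),
       _event(7.0, 1200, MSIEXEC, "SetValue",
              r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
              r"C:\Program Files\Vendor\updater.exe")]
)


def detect_run_key_persistence(events):
    """Flag Run/RunOnce value writes whose writer or target is outside trusted locations."""
    findings = []
    for e in events:
        if e["op"] != "SetValue" or not RUN_KEY_RE.search(e["key"].lower()):
            continue
        image = e["image"].lower()
        data = (e.get("data") or "").lower()
        reasons = []
        if not image.startswith(TRUSTED_IMAGE_PREFIXES):
            reasons.append("writer outside trusted install locations")
        if any(p in data for p in USER_WRITABLE):
            reasons.append("autorun target in user-writable path")
        if reasons:
            findings.append({"pid": e["pid"], "image": e["image"], "key": e["key"],
                             "data": e.get("data"), "reasons": reasons})
    return findings


def detect_uninstall_enumeration(events, min_subkeys=5, window_s=10.0):
    """Flag a process touching >= min_subkeys distinct Uninstall subkeys within window_s.
    One or two lookups are normal (an installer checking its own entry); a sweep of the
    hive is software inventory, the behaviour the report calls 'Checks installed software'."""
    per_proc = {}
    for e in events:
        m = UNINSTALL_RE.search(e["key"].lower())
        if not m or e["op"] not in ("QueryValue", "EnumerateKey", "OpenKey"):
            continue
        per_proc.setdefault((e["pid"], e["image"]), []).append((e["time"], m.group(1)))
    findings = []
    for (pid, image), hits in per_proc.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):  # sliding window anchored at each hit
            subkeys = {s for t, s in hits[i:] if t - t0 <= window_s}
            if len(subkeys) >= min_subkeys:
                findings.append({"pid": pid, "image": image, "distinct_subkeys": len(subkeys)})
                break
    return findings


if __name__ == "__main__":
    for f in detect_run_key_persistence(EVENTS):
        print("persistence:", f)
    for f in detect_uninstall_enumeration(EVENTS):
        print("discovery:", f)
```

Both rules are deliberately keyed on where the writer lives and how much it reads rather than on the value name, since the report shows the same two behaviours across several differently named files (HTV.exe, HTV.004, the main sample); tune `TRUSTED_IMAGE_PREFIXES` and `min_subkeys` to the estate before deploying.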

MITRE ATT&CK Enterprise v15

Tasks

  Task           Tags                                                   Score
  static1        ardamax                                                10/10
  behavioral1    ardamax, discovery, keylogger, persistence, stealer    10/10
  behavioral2    ardamax, discovery, keylogger, persistence, stealer    10/10
  behavioral3    discovery                                              3/10
  behavioral4    discovery                                              3/10
  behavioral5    discovery                                              3/10
  behavioral6    discovery                                              8/10
  behavioral7    discovery                                              3/10
  behavioral8    discovery                                              8/10
  behavioral9    discovery, persistence                                 6/10
  behavioral10   discovery, persistence                                 8/10
  behavioral11   discovery                                              3/10
  behavioral12   discovery                                              8/10
  behavioral13   discovery                                              3/10
  behavioral14   discovery                                              8/10
  behavioral15   -                                                      1/10
  behavioral16   discovery                                              8/10
  behavioral17   discovery, persistence                                 6/10
  behavioral18   discovery, persistence                                 8/10
  behavioral19   discovery                                              7/10
  behavioral20   discovery                                              8/10
  behavioral21   discovery                                              3/10
  behavioral22   discovery                                              8/10