General

  • Target

    JaffaCakes118_f3ac8fc094262583378913a5fab26475

  • Size

    880KB

  • Sample

    250214-fc7lfssndp

  • MD5

    f3ac8fc094262583378913a5fab26475

  • SHA1

    a9dd163f09f0f618e73d12896065aa0d1470a3e9

  • SHA256

    a882a48450f64f222b6de108a794aa8db33da2f5e854a93a96969e71157e86ba

  • SHA512

    58ba5d6146ecb2b3cda43ee54fcb04b2d27623f2a6d98301f67bd22ce116c10bd5b1e59a52ea58d3a2ea5588914675df217a4fd084f5cd14dce05f6eb8a93caa

  • SSDEEP

    24576:nKJSjpVl1rwKG365j8McJTaEcQ7D2ZkGTTgNBe2:nKQ7T5oaEeFTQBz

Malware Config

Targets

    • Target

      JaffaCakes118_f3ac8fc094262583378913a5fab26475

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Downloads MZ/PE file

    • Checks computer location settings

      Reads the country code configured in the registry, likely a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates the Uninstall key entries in the registry to list the software installed on the system.

    • Drops file in System32 directory
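
The behaviours listed above can be re-checked outside the sandbox. The Python script below is an added example, not part of this report and not the sandbox's own signature code: it replays constructed API-trace-style events (one JSON record per line) through rules that mirror the signatures above, correlates files the sample dropped with later process creation and DLL loads, and compares a file's MD5/SHA1/SHA256 against the hashes in the General section. The event field names, the registry paths checked (the CurrentVersion\Run key, Control Panel\International\Geo\Nation, CurrentVersion\Uninstall) and the file names in the sample events are assumptions, not taken from the report; ssdeep is left out because it needs an extra library.

```python
"""Replay behavioural signatures from the report over constructed trace events.
Added example; event format, registry paths and file names are assumptions."""
import hashlib
import json
import re
from collections import defaultdict

# Hashes copied from the report's General section (ssdeep omitted).
REPORT_HASHES = {
    "md5": "f3ac8fc094262583378913a5fab26475",
    "sha1": "a9dd163f09f0f618e73d12896065aa0d1470a3e9",
    "sha256": "a882a48450f64f222b6de108a794aa8db33da2f5e854a93a96969e71157e86ba",
}

# Rules mirroring the report's signatures: (signature name, event type, pattern on target).
# Registry locations are standard Windows paths assumed here, not stated in the report.
RULES = [
    ("Adds Run key to start application", "registry_set",
     re.compile(r"\\CurrentVersion\\Run\\", re.I)),
    ("Checks computer location settings", "registry_read",
     re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.I)),
    ("Checks installed software on the system", "registry_read",
     re.compile(r"\\CurrentVersion\\Uninstall\\", re.I)),
    ("Drops file in System32 directory", "file_create",
     re.compile(r"^[a-z]:\\windows\\system32\\", re.I)),
]

# Constructed events: pid 100 is the sample, pid 200 its dropped child, pid 300 benign noise.
SAMPLE_EVENTS = r"""
{"pid": 100, "type": "file_create", "path": "C:\\Windows\\System32\\dropped.exe"}
{"pid": 100, "type": "file_create", "path": "C:\\Windows\\System32\\dropped.dll"}
{"pid": 100, "type": "process_create", "image": "C:\\Windows\\System32\\dropped.exe", "child_pid": 200}
{"pid": 200, "type": "image_load", "path": "C:\\Windows\\System32\\dropped.dll"}
{"pid": 200, "type": "registry_set", "key": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater"}
{"pid": 200, "type": "registry_read", "key": "HKCU\\Control Panel\\International\\Geo\\Nation"}
{"pid": 200, "type": "registry_read", "key": "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\SomeApp"}
{"pid": 300, "type": "registry_read", "key": "HKCU\\Control Panel\\Desktop"}
{"pid": 300, "type": "process_create", "image": "C:\\Windows\\System32\\notepad.exe", "child_pid": 301}
"""


def parse_events(text):
    """Parse newline-delimited JSON records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def analyse(events):
    """Return {signature name: sorted pids} for every rule that fired.

    Dropped-file correlation: a process_create or image_load only counts as
    'dropped' if an earlier file_create in the trace wrote that exact path.
    """
    hits = defaultdict(set)
    dropped = set()
    for ev in events:
        kind, pid = ev["type"], ev["pid"]
        target = ev.get("path") or ev.get("image") or ev.get("key") or ""
        norm = target.lower()
        if kind == "file_create":
            dropped.add(norm)
        if kind == "process_create" and norm in dropped:
            hits["Executes dropped EXE"].add(pid)
        if kind == "image_load" and norm in dropped and norm.endswith(".dll"):
            hits["Loads dropped DLL"].add(pid)
        for name, rule_kind, pattern in RULES:
            if kind == rule_kind and pattern.search(target):
                hits[name].add(pid)
    return {name: sorted(pids) for name, pids in hits.items()}


def file_hashes(data):
    """Compute the report's hash algorithms over raw file bytes."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def match_report_hashes(data):
    """Return the algorithms for which `data` matches the report's sample hashes."""
    computed = file_hashes(data)
    return [alg for alg, digest in REPORT_HASHES.items() if computed[alg] == digest]


def triage_sample():
    """Run the rules over the constructed trace above."""
    return analyse(parse_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for name, pids in sorted(triage_sample().items()):
        print(f"{name}: pids {pids}")
```

Running the script prints one line per signature with the pids that triggered it; the benign notepad event in the trace shows that the dropped-file correlation only fires for images the sample itself wrote, which is what separates "Executes dropped EXE" from ordinary process creation. Point `match_report_hashes` at the bytes of a suspect file to check it against the hashes above.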

MITRE ATT&CK Enterprise v15

Tasks