Overview

overview

10

Static

static

3

JaffaCakes...13.exe

windows7-x64

10

JaffaCakes...13.exe

windows10-2004-x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_05dce435f788e5a0860ebc3a3110e613

  • Size

    1.3MB

  • Sample

    250219-ralfzssman

  • MD5

    05dce435f788e5a0860ebc3a3110e613

  • SHA1

    0490527b9bcf76f930e1be380b73cb24a8a58064

  • SHA256

    612e6d4c2df672a77f8980885d47be99548db9cb2c1dccc46eb9837a79ff588f

  • SHA512

    fe4b6100b2cc1cee935563121804300d3c74c51c749cd6ff821893b4925d0de07ec88e1279056a63bb54c49b65628a3ed881dc87a6ec183bcb140cf3f80ec7ba

  • SSDEEP

    24576:IQh2wV0DAhhkpT8fwOBszhy6Retsuk4ZJjXOtsD2fV0hJ654CYB6oP1ze8:tow0D4KVrOeyuehHjXUJfcJ8boP1ze8

Score
10/10
ardamaxdiscoverykeyloggerpersistencestealer

Malware Config

Targets

    • Target

      JaffaCakes118_05dce435f788e5a0860ebc3a3110e613

    • Size

      1.3MB

    • MD5

      05dce435f788e5a0860ebc3a3110e613

    • SHA1

      0490527b9bcf76f930e1be380b73cb24a8a58064

    • SHA256

      612e6d4c2df672a77f8980885d47be99548db9cb2c1dccc46eb9837a79ff588f

    • SHA512

      fe4b6100b2cc1cee935563121804300d3c74c51c749cd6ff821893b4925d0de07ec88e1279056a63bb54c49b65628a3ed881dc87a6ec183bcb140cf3f80ec7ba

    • SSDEEP

      24576:IQh2wV0DAhhkpT8fwOBszhy6Retsuk4ZJjXOtsD2fV0hJ654CYB6oP1ze8:tow0D4KVrOeyuehHjXUJfcJ8boP1ze8

    Score
    10/10
    ardamaxdiscoverykeyloggerpersistencestealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax family

      ardamax

    • Ardamax main executable

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks