General

  • Target

    JaffaCakes118_13ce286b15770d1fda8b4ef35d775556

  • Size

    1.2MB

  • Sample

    250221-tvlnlavrfj

  • MD5

    13ce286b15770d1fda8b4ef35d775556

  • SHA1

    855a6b8bb0255d0131fc2894b314d7bcf5ce07d9

  • SHA256

    6561002d63a2ac3bac59c72f99316d87aba6f8432de4503281b0db139b2b0e84

  • SHA512

    e1506be8f45f3cd149f94a57d09d7494c2ea7db9b387767fcbeea5490a7641a065f97238298747ffc28bf54b04ef0543af1fd893eae29fe07c0e36448e8db968

  • SSDEEP

    24576:k64MVTG9Nuhlvyb4tKsFW66W7XjFpoiJenaSkis:k64MTZKwWBWbHaa9i
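To confirm that a file on disk is the sample this report describes, recompute the hashes above and compare them. The following Python is an added example written for this page, not tooling from the sandbox: it hashes a file-like object with all four algorithms in a single read pass, compares case-insensitively against the report's values, and separates a plain mismatch from the "conflict" case where MD5 or SHA-1 agree but SHA-256/SHA-512 do not (a collision or a mis-copied IOC; trust the SHA-2 result). SSDEEP is left out because it needs the non-standard ssdeep module; the test vector bytes at the bottom are constructed.

```python
import hashlib
import io
import sys

# IOC hashes copied from the General section of the report above.
REPORT_IOCS = {
    "md5": "13ce286b15770d1fda8b4ef35d775556",
    "sha1": "855a6b8bb0255d0131fc2894b314d7bcf5ce07d9",
    "sha256": "6561002d63a2ac3bac59c72f99316d87aba6f8432de4503281b0db139b2b0e84",
    "sha512": "e1506be8f45f3cd149f94a57d09d7494c2ea7db9b387767fcbeea5490a7641a0"
              "65f97238298747ffc28bf54b04ef0543af1fd893eae29fe07c0e36448e8db968",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(stream, chunk_size=1 << 20):
    """Hash a binary file-like object with every algorithm in ALGORITHMS in a
    single pass, so a large sample is read from disk only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def hash_bytes(data: bytes):
    """Convenience wrapper for in-memory data (tests, carved buffers)."""
    return compute_hashes(io.BytesIO(data))


def match_iocs(digests, iocs):
    """Return {algorithm: bool} for every algorithm present in both the computed
    digests and the IOC list. Hex case is ignored because tools and report
    sites disagree on it."""
    return {
        name: digests[name].lower() == iocs[name].lower()
        for name in ALGORITHMS
        if name in digests and name in iocs
    }


def verdict(matches):
    """Collapse per-algorithm results into a triage decision:
    'match'    every compared algorithm agrees
    'mismatch' none agree (a different file)
    'conflict' some agree and some do not; for an untampered file this means a
               weak-hash collision or a mis-copied IOC, so rely on SHA-2
    'unknown'  nothing could be compared"""
    if not matches:
        return "unknown"
    values = set(matches.values())
    if values == {True}:
        return "match"
    if values == {False}:
        return "mismatch"
    return "conflict"


def check_file(path, iocs=REPORT_IOCS):
    """Hash a file on disk and compare it with the report IOCs."""
    with open(path, "rb") as f:
        digests = compute_hashes(f)
    matches = match_iocs(digests, iocs)
    return digests, matches, verdict(matches)


if __name__ == "__main__":
    for p in sys.argv[1:]:
        digests, matches, v = check_file(p)
        print(f"{p}: {v} sha256={digests['sha256']}")
```

Run it as `python check.py <sample>`; a verdict other than `match` means the file in hand is not the one analysed here, and a `conflict` verdict is worth a second look at where the IOCs were copied from.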

Targets

    • Target

      JaffaCakes118_13ce286b15770d1fda8b4ef35d775556

    • Ardamax

      A commercial keylogger, first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution (refusing to run in certain countries).

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Enumerates installed software by reading the subkeys of the registry Uninstall key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall).

    • Drops file in System32 directory
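The signatures above describe a chain that endpoint telemetry can tie together: a file is written into System32, a Run key is pointed at it, the dropped EXE is executed and a dropped DLL is loaded. The following Python is an added example, not part of this report or of any sandbox's signature engine. It walks constructed Sysmon-style events (IDs 1 ProcessCreate, 7 ImageLoad, 11 FileCreate, 13 RegistryEvent SetValue) and raises an alert whenever a Run key references, a process executes, or a process loads a file that was created earlier in the same session. The file paths, key names and process names in the sample events are placeholders, not Ardamax artefacts.

```python
import re

# Auto-start keys. Sysmon writes TargetObject with HKLM / HKU\<SID> prefixes,
# so matching on the path suffix covers both hives and the WOW6432Node view.
RUN_KEY_PATTERN = re.compile(
    r"\\software\\(wow6432node\\)?microsoft\\windows\\currentversion\\run(once)?\\",
    re.I,
)
SYSTEM32 = "c:\\windows\\system32\\"


def norm(path):
    """Lower-case a path and strip surrounding quotes; Run-key values are often quoted."""
    return path.strip().strip('"').lower()


def image_from_command(value):
    """Extract the executable path from a Run-key value such as
    '"C:\\dir with space\\x.exe" /arg' or 'C:\\dir\\x.exe /arg'."""
    value = value.strip()
    if value.startswith('"'):
        return norm(value[1:value.find('"', 1)])
    return norm(value.split(" ", 1)[0])


def correlate(events):
    """Process events in order and return (alert, actor, target) tuples."""
    dropped = {}  # normalised path -> image that wrote it in this session
    alerts = []
    for ev in events:
        eid = ev["EventID"]
        image = norm(ev.get("Image", ""))
        if eid == 11:  # FileCreate
            target = norm(ev["TargetFilename"])
            dropped[target] = image
            if target.startswith(SYSTEM32):
                alerts.append(("drops_file_in_system32", image, target))
        elif eid == 13 and RUN_KEY_PATTERN.search(ev["TargetObject"]):  # SetValue on a Run key
            target = image_from_command(ev.get("Details", ""))
            if target in dropped:
                alerts.append(("run_key_points_to_dropped_file", image, target))
        elif eid == 1 and image in dropped:  # ProcessCreate of a file dropped earlier
            alerts.append(("executes_dropped_exe", norm(ev.get("ParentImage", "")), image))
        elif eid == 7:  # ImageLoad
            loaded = norm(ev["ImageLoaded"])
            if loaded in dropped and loaded.endswith(".dll"):
                alerts.append(("loads_dropped_dll", image, loaded))
    return alerts


# Constructed sample events (placeholder names, not from the report).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Users\victim\Downloads\installer.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\installer.exe",
     "TargetFilename": r"C:\Windows\System32\example\dropped.exe"},
    {"EventID": 11, "Image": r"C:\Users\victim\Downloads\installer.exe",
     "TargetFilename": r"C:\Windows\System32\example\helper.dll"},
    {"EventID": 13, "Image": r"C:\Users\victim\Downloads\installer.exe",
     "TargetObject": r"HKU\S-1-5-21-1\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Example",
     "Details": r'"C:\Windows\System32\example\dropped.exe" /silent'},
    {"EventID": 1, "Image": r"C:\Windows\System32\example\dropped.exe",
     "ParentImage": r"C:\Users\victim\Downloads\installer.exe"},
    {"EventID": 7, "Image": r"C:\Windows\System32\example\dropped.exe",
     "ImageLoaded": r"C:\Windows\System32\example\helper.dll"},
    # Benign noise: a vendor installer registering a file it did not drop in
    # this session must not fire.
    {"EventID": 13, "Image": r"C:\Program Files\Vendor\setup.exe",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Vendor",
     "Details": r'"C:\Program Files\Vendor\agent.exe"'},
]


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Two of the report's behaviours are deliberately not covered: the country-code lookup and the Uninstall-key enumeration are registry reads, and Sysmon records only key creation, value writes and renames (events 12, 13 and 14), so those show up in a sandbox or under full registry ETW tracing, not in this correlation.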

MITRE ATT&CK Enterprise v15
