General

  • Target

    JaffaCakes118_7e367d31a66a7ed84def958465122dab

  • Size

    1.6MB

  • Sample

    250317-qq1eea1taz

  • MD5

    7e367d31a66a7ed84def958465122dab

  • SHA1

    f86051e5133ed9a303fb83eb3adc0488b6f74b0e

  • SHA256

    4467808dd00d5b469077b6169eb637752060f8856f32df44e042868c6b68ca41

  • SHA512

    96e0659b9e13c2154e6615c174b8919c898f0a2c9435a5b32983d59176c380ca75d96903ffb00678bc08969dea6505e5c26b4638c9b7b0f00493db46170eb47c

  • SSDEEP

    49152:+oTAOvQHAcgicr3zVDDUCgPZ6JZWS3ZdBCIsr:jIHAJ/rtWZ+WSHNsr

Targets

    • Target

      JaffaCakes118_7e367d31a66a7ed84def958465122dab

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Drops file in System32 directory
