ardamax | a7df7a64ece2ecdfda809f299468a6f61a74aec1c15cebf7d51eb5fe68b2396d | Triage

Sharing

General

Target

JaffaCakes118_b6c8ef48cb7896740ff400e8924ead22
Size

286KB
Sample

250414-ghg4es1yfs
MD5

b6c8ef48cb7896740ff400e8924ead22
SHA1

e462eec5fe1378a61539f081f29b7e2198bc59b6
SHA256

a7df7a64ece2ecdfda809f299468a6f61a74aec1c15cebf7d51eb5fe68b2396d
SHA512

a5e3882d346b4b8585da4f56280b24a72e0b4e6a0a93a34793d45be4cf81ca14730063dbf7c3fd5ba468e34c1f0d1a63aaf67040ffefd852201f01d7d7de3a7e
SSDEEP

3072:Lyijen+2UjU1NiqZ0y3ImHneKCg9fr/0naQmQS8trnd+2eqAbow:OYu+2UjEity33eKCg6nFmGdNAB

Score

10^/10

ardamax discovery persistence

Malware Config

Targets

- Target
  
  JaffaCakes118_b6c8ef48cb7896740ff400e8924ead22
- Size
  
  286KB
- MD5
  
  b6c8ef48cb7896740ff400e8924ead22
- SHA1
  
  e462eec5fe1378a61539f081f29b7e2198bc59b6
- SHA256
  
  a7df7a64ece2ecdfda809f299468a6f61a74aec1c15cebf7d51eb5fe68b2396d
- SHA512
  
  a5e3882d346b4b8585da4f56280b24a72e0b4e6a0a93a34793d45be4cf81ca14730063dbf7c3fd5ba468e34c1f0d1a63aaf67040ffefd852201f01d7d7de3a7e
- SSDEEP
  
  3072:Lyijen+2UjU1NiqZ0y3ImHneKCg9fr/0naQmQS8trnd+2eqAbow:OYu+2UjEity33eKCg6nFmGdNAB
Score

6^/10

discovery persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence