Overview

overview

10

Static

static

3

JaffaCakes...7b.exe

windows10-2004-x64

10

JaffaCakes...7b.exe

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_bd911e9b9a4e16206b0c46384b80867b

  • Size

    168KB

  • Sample

    250418-ltsfraslv3

  • MD5

    bd911e9b9a4e16206b0c46384b80867b

  • SHA1

    b4a8e80f70fa38aed22abbca9b4e323b1d3a47ea

  • SHA256

    3236d12ac9a08b94df87725a31077f1e8869976e6bf0dd11014bf01ca756a302

  • SHA512

    d619fa428b6a09287148b0d8d935ec436ebbf6a5036d82e2deacc01b6f52279225c0dcabf4c9581c07eadb9a72dae23dfa0bdb75ff4cd4c85fdc55e7fbb8df64

  • SSDEEP

    3072:yCNmpyGNG6o2EeT9jA6c6CtNih5prtMhHLw0Zu7Phlm7wYNe:/mpyGYJFeTtcUh51OrZUQ7wj

Score
10/10
ardamaxdiscoverykeyloggerstealer

Malware Config

Targets

    • Target

      JaffaCakes118_bd911e9b9a4e16206b0c46384b80867b

    • Size

      168KB

    • MD5

      bd911e9b9a4e16206b0c46384b80867b

    • SHA1

      b4a8e80f70fa38aed22abbca9b4e323b1d3a47ea

    • SHA256

      3236d12ac9a08b94df87725a31077f1e8869976e6bf0dd11014bf01ca756a302

    • SHA512

      d619fa428b6a09287148b0d8d935ec436ebbf6a5036d82e2deacc01b6f52279225c0dcabf4c9581c07eadb9a72dae23dfa0bdb75ff4cd4c85fdc55e7fbb8df64

    • SSDEEP

      3072:yCNmpyGNG6o2EeT9jA6c6CtNih5prtMhHLw0Zu7Phlm7wYNe:/mpyGYJFeTtcUh51OrZUQ7wj

    Score
    10/10
    ardamaxdiscoverykeyloggerstealer

    • Ardamax

      A keylogger first seen in 2013.

      keyloggerstealerardamax

    • Ardamax family

      ardamax

    • Ardamax main executable

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v16

Tasks