General

  • Target

    JaffaCakes118_bf9ce49c4f67663cca5b0262f0da99e5

  • Size

    475KB

  • Sample

    250418-y1zvmatyfy

  • MD5

    bf9ce49c4f67663cca5b0262f0da99e5

  • SHA1

    b6886c035934b7bedb7a671dd098d982fc356eb8

  • SHA256

    9fdda8bea717890ed99000997e2acaf4a7551b38c14a79fb8cc530558d51dd58

  • SHA512

    bc80244dc06ef51083850abf7b475825664adb911cfeb96f77c556414444619270ddd4bab45d83641f7ca2db2bcc6d411ae073940ff74f6e47b4ac41bf86a198

  • SSDEEP

    12288:KOWz7vr9fPJIr2x68HJXLoqIwmlqAYh29brspLGGbMnTZBlr0guX:r8Lx3J5xrpXW1QAYKfIqyETZDr0guX

Malware Config

Targets

    • Target

      ah ronaldo.exe

    • Size

      480KB

    • MD5

      995b5a81ffd9f9ef4bc765a08fa87fa9

    • SHA1

      1b7adb2a12a41fa333685af71d9ef756148e6c7e

    • SHA256

      e72141043c8d92bd62651af4e2933f5a69af87f3711fba0f1c6170c3bce3984c

    • SHA512

      124f2354b69c8e1e2e462859f2eeb73d82e1419cca36442c8d0ece90dfd0a35d6610499330d5220b944a2c17f28810ca523ae9e1e540900e30005a8355169cf9

    • SSDEEP

      12288:krsD9KhZTGfgr+h+FjoEO66ckCpX2TgZCAXRpG1oB9qU46L:pRTg+hBcFX2UsMGUAU46L

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax family

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v16

Tasks