General
Target: fa6f155a35ddeb69a5308fccca7642f9_JaffaCakes118
Size: 1.4MB
Sample: 240419-q3873sdh78
MD5: fa6f155a35ddeb69a5308fccca7642f9
SHA1: b707e0ffbd725f5b2ef5c94056d9fa1ff35f4d86
SHA256: 4a4d9dadc73f3ed774fedc03c39d9f4a77d1c170de1b54009a75c229582d8c30
SHA512: 7d0706b484cc9e1e4d6c66e2c8cc23565ccd864d44c25ccc5e8c04d4cf0e3d6dda15f8479367d0424b3650a4959c88fc4bd268c050f8a28305854f112f5f1d7b
SSDEEP: 24576:xU4oTzPfqnYXWu0I4eOXhPf06mxOgn1/8sDo8xQU5BZOkx5smu5bTyAYT2BRHvPP:xULTzinYXWuOeaNgnhxDdx9TZOmxuJTd
Static task: static1
Behavioral task: behavioral1 (sample fa6f155a35ddeb69a5308fccca7642f9_JaffaCakes118.exe, resource win7-20240221-en)
Behavioral task: behavioral2 (sample fa6f155a35ddeb69a5308fccca7642f9_JaffaCakes118.exe, resource win10v2004-20240226-en)
Malware Config: none listed
Targets
Target: fa6f155a35ddeb69a5308fccca7642f9_JaffaCakes118 (1.4MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the values in General above)
Score: 10/10
Signatures
- Ardamax main executable (family signature; Ardamax is a commercial keylogger)
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate installed software.
- Drops file in System32 directory
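The persistence and drop behaviours above are what a responder would check for on a suspect host. The following PowerShell hunt is an added example, not part of the sandbox report: it enumerates the Run/RunOnce keys the sample would have written to, resolves each launched image, and flags entries that either hash to the report's SHA256 or are unsigned binaries recently created under System32/SysWOW64. The report names neither the Run value nor the dropped file, so the System32 location, the 30-day age window, the `Valid` signature requirement and the `Geo\Nation` registry value shown at the end are assumptions, not facts from the report.

```powershell
# Added hunt script; not from the sandbox report. Assumptions are marked inline.
$ErrorActionPreference = 'SilentlyContinue'

# Indicator taken from the report's General section.
$SampleSha256 = '4a4d9dadc73f3ed774fedc03c39d9f4a77d1c170de1b54009a75c229582d8c30'

# "Adds Run key to start application": enumerate user and machine autostart keys,
# including the 32-bit view on 64-bit Windows.
$runKeys = @(
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Resolve-ImagePath {
    param([string]$Command)
    # Strip quoting and arguments: '"C:\x\y.exe" /arg' -> C:\x\y.exe, 'C:\x\y.exe /arg' -> C:\x\y.exe
    if ($Command -match '^\s*"([^"]+)"') { return $Matches[1] }
    return ($Command -split '\s+')[0]
}

$findings = foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key
    if (-not $props) { continue }               # key absent on this host
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, PSDrive, ...)
        $image = Resolve-ImagePath $p.Value
        $file  = Get-Item -LiteralPath $image
        $sig   = if ($file) { (Get-AuthenticodeSignature -FilePath $file.FullName).Status } else { 'Missing' }
        $hash  = if ($file) { (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash.ToLower() } else { $null }
        [pscustomobject]@{
            Key               = $key
            Name              = $p.Name
            Image             = $image
            # "Drops file in System32 directory": assumed heuristic, the report does not name the dropped file
            InSystem32        = ($image -like "$env:SystemRoot\System32\*" -or $image -like "$env:SystemRoot\SysWOW64\*")
            Created           = if ($file) { $file.CreationTimeUtc } else { $null }
            Signature         = $sig
            MatchesReportHash = ($hash -eq $SampleSha256)
        }
    }
}

# Flag: exact hash match, or an unsigned/invalidly signed System32 binary created in the last 30 days (window assumed).
$cutoff = (Get-Date).ToUniversalTime().AddDays(-30)
$suspicious = $findings | Where-Object {
    $_.MatchesReportHash -or
    ($_.InSystem32 -and $_.Signature -ne 'Valid' -and $_.Created -gt $cutoff)
}

$findings   | Format-Table -AutoSize
$suspicious | Format-List

# "Checks computer location settings": the value normally read for a country geofence is
# HKCU\Control Panel\International\Geo\Nation (assumed here; the report does not name the key).
# Reading it shows what the sample would have seen on this host.
Get-ItemProperty -Path 'HKCU:\Control Panel\International\Geo' | Select-Object Nation, Name
```

Run it in an elevated PowerShell session so the HKLM keys and signature checks succeed; a hash match on any Run entry is the definitive indicator, while the System32 heuristic only narrows the list for manual review.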