General
-
Target
fa9b25bce5c0a6293035f92d7ce95316_JaffaCakes118
-
Size
525KB
-
Sample
240419-sx1d4afh43
-
MD5
fa9b25bce5c0a6293035f92d7ce95316
-
SHA1
b67c13ae984f7d11778e4522220acc18d35e311f
-
SHA256
9e666edc914999c8c35e5decce6cceb71573e8f81fdbfd6e9264eb8214e7ba0f
-
SHA512
a3d244a596542ccf1a5573a99a5b920fdae71cf422545b7fe19db1287598f3df036940750d257ede46c9f47b037266313c2c18524759327f2f18e12dbc16a9cb
-
SSDEEP
12288:rT4HprWom4bgasOKO8nnSvWkvcFbRpJFiHufEOLoW8ofKQtfpY:rT4HpCbkgasOD8nK3YnF3z6YpY
Malware Config
Targets
-
-
Target
fa9b25bce5c0a6293035f92d7ce95316_JaffaCakes118
-
Size
525KB
-
MD5
fa9b25bce5c0a6293035f92d7ce95316
-
SHA1
b67c13ae984f7d11778e4522220acc18d35e311f
-
SHA256
9e666edc914999c8c35e5decce6cceb71573e8f81fdbfd6e9264eb8214e7ba0f
-
SHA512
a3d244a596542ccf1a5573a99a5b920fdae71cf422545b7fe19db1287598f3df036940750d257ede46c9f47b037266313c2c18524759327f2f18e12dbc16a9cb
-
SSDEEP
12288:rT4HprWom4bgasOKO8nnSvWkvcFbRpJFiHufEOLoW8ofKQtfpY:rT4HpCbkgasOD8nK3YnF3z6YpY
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-