General
-
Target
0a13bae2b510cb6a117a9d13586b459f_JaffaCakes118
-
Size
539KB
-
Sample
240621-hw6vdazglb
-
MD5
0a13bae2b510cb6a117a9d13586b459f
-
SHA1
5a9242d9d1f4d74fb45ab5681b8c1dc324ca9e47
-
SHA256
688405b329dc91821fa5c5c8bdb7387a53e57b986194ee23fc9bd7f4e9fddbe1
-
SHA512
28dbba5de840c8e5126412cf4b33bf46937739d399a27b19a6de5963fc2edd309f000579d51cc3435a99652718ad1fae9e4fb1cb08730f3363301de66bf7e72a
-
SSDEEP
12288:uMRUTV5nlwLnwcUJL6yvXu+XJVcUQWs7LPuWiWalCP59uulOTtbsdGWy64VQdccr:uTV5nlKnwcVfibsPu/Wa+TtADjNjcc8
Malware Config
Targets
-
-
Target
0a13bae2b510cb6a117a9d13586b459f_JaffaCakes118
-
Size
539KB
-
MD5
0a13bae2b510cb6a117a9d13586b459f
-
SHA1
5a9242d9d1f4d74fb45ab5681b8c1dc324ca9e47
-
SHA256
688405b329dc91821fa5c5c8bdb7387a53e57b986194ee23fc9bd7f4e9fddbe1
-
SHA512
28dbba5de840c8e5126412cf4b33bf46937739d399a27b19a6de5963fc2edd309f000579d51cc3435a99652718ad1fae9e4fb1cb08730f3363301de66bf7e72a
-
SSDEEP
12288:uMRUTV5nlwLnwcUJL6yvXu+XJVcUQWs7LPuWiWalCP59uulOTtbsdGWy64VQdccr:uTV5nlKnwcVfibsPu/Wa+TtADjNjcc8
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-