General
-
Target
0a76ae1d64e79b9d9d19e065be04ffca_JaffaCakes118
-
Size
1.1MB
-
Sample
240624-ycybwszbnb
-
MD5
0a76ae1d64e79b9d9d19e065be04ffca
-
SHA1
ab2544b157e992053157d1c8cbd530df63f74574
-
SHA256
4b70fc62fdc106932e6bf2bba83284c8430e3b6692420b77d0f83f033ae88e8e
-
SHA512
699e47477dd0126746bf1c379faac597fac7b42d2b51ae401a080e465de1f2fc1a84b9c4b6ab194280e8fb24cc425ab35543c56e8faeac8c3e7ec2de31965395
-
SSDEEP
24576:ck/ATeXYiAFAQ50dZ+D8rSScaH36SCVzCObhQUu1OaF6UJport:FoTEpffcR9CMhu1Z6C6
Malware Config
Targets
-
-
Target
0a76ae1d64e79b9d9d19e065be04ffca_JaffaCakes118
-
Size
1.1MB
-
MD5
0a76ae1d64e79b9d9d19e065be04ffca
-
SHA1
ab2544b157e992053157d1c8cbd530df63f74574
-
SHA256
4b70fc62fdc106932e6bf2bba83284c8430e3b6692420b77d0f83f033ae88e8e
-
SHA512
699e47477dd0126746bf1c379faac597fac7b42d2b51ae401a080e465de1f2fc1a84b9c4b6ab194280e8fb24cc425ab35543c56e8faeac8c3e7ec2de31965395
-
SSDEEP
24576:ck/ATeXYiAFAQ50dZ+D8rSScaH36SCVzCObhQUu1OaF6UJport:FoTEpffcR9CMhu1Z6C6
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-