General
-
Target
3dc1b9169695759951dbe4b46e79859f_JaffaCakes118
-
Size
6.7MB
-
Sample
240712-rs196azcjc
-
MD5
3dc1b9169695759951dbe4b46e79859f
-
SHA1
a975ef8ce8b24538c0e5b65578e7c69ccf2f95d4
-
SHA256
65ec4fb433b8be0149eeaac7c03f959bacdd701f98d7a11d15e33e64ca28bdc8
-
SHA512
6f0955e3bd4e632d1ad7c31c6b74db44394b7eee99963c4427e36be0e502e610ab8ada6a7b5e84ea7deadc090a5e7bb168ebb25f902f37d01ba8db2c747ecf01
-
SSDEEP
98304:Tec8w+mHA/P5TDRxGaF5JosDRxGaF5JosDRxGaF5JosDRxGaF5JosDRxGaF5Jo/:TN1/gJnRrUwRrUwRrUwRrUwRrU/
Static task
static1
Behavioral task
behavioral1
Sample
3dc1b9169695759951dbe4b46e79859f_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
3dc1b9169695759951dbe4b46e79859f_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
Target
3dc1b9169695759951dbe4b46e79859f_JaffaCakes118
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-