General
-
Target
404d1219c15e2571c13346b2bfeec55b_JaffaCakes118
-
Size
1.7MB
-
Sample
240713-fn4nyawhrk
-
MD5
404d1219c15e2571c13346b2bfeec55b
-
SHA1
84e044953d3fb30c6a5b9467709ab6da53f8bd8a
-
SHA256
b7a5b613f9b9d0724d5599b0eda353e75e6018c93f3fb08f0dc44b19ee6b2220
-
SHA512
40a5041534e231d1e4159aad6755fab8bcc93e1c3ed65f55d2958f7125afa37b65e423288e763cb580aa2a1a90ff1f803a1329dba61bd9f0285e3fc45b585e88
-
SSDEEP
24576:ZZxTtwPtgd2qSixm1PcuGNV9HKVDxIukMS+SJ5rTZ8UCP2i3oSV5wGC8CHm1710G:ZXTtctgd2qSZWz4VCJtZ8UfxGCKpO
Static task
static1
Behavioral task
behavioral1
Sample
404d1219c15e2571c13346b2bfeec55b_JaffaCakes118.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
404d1219c15e2571c13346b2bfeec55b_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-