General
-
Target
45097fabdcc5868b45c03896659e61be_JaffaCakes118
-
Size
318KB
-
Sample
240714-kbr7lawaja
-
MD5
45097fabdcc5868b45c03896659e61be
-
SHA1
67ec704bc5e4ee531b4ab8e83a7f7df4f523362c
-
SHA256
be68715f87065b7ea6ca727ea5b79d9a40751985951c39973e38c78bb983d0ca
-
SHA512
d21bf9ad64b4026497d30ae551614a1b04d636bf98f52626c9d66338fd968a7105e4d7aef56760cf7aac751612ae7d941c383b76cf31b9b794728b57eeae5026
-
SSDEEP
6144:ZeYNbPwMk/KVfN2coZiuY+hHPI5pfl+Mm+3rv5rHiAuNNIpe74Y/kiGyW:ZemD0/KxN/+A5zm+T9CAy2peU6QH
Malware Config
Targets
-
-
Target
45097fabdcc5868b45c03896659e61be_JaffaCakes118
-
Size
318KB
-
MD5
45097fabdcc5868b45c03896659e61be
-
SHA1
67ec704bc5e4ee531b4ab8e83a7f7df4f523362c
-
SHA256
be68715f87065b7ea6ca727ea5b79d9a40751985951c39973e38c78bb983d0ca
-
SHA512
d21bf9ad64b4026497d30ae551614a1b04d636bf98f52626c9d66338fd968a7105e4d7aef56760cf7aac751612ae7d941c383b76cf31b9b794728b57eeae5026
-
SSDEEP
6144:ZeYNbPwMk/KVfN2coZiuY+hHPI5pfl+Mm+3rv5rHiAuNNIpe74Y/kiGyW:ZemD0/KxN/+A5zm+T9CAy2peU6QH
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-