General
-
Target
470341f382ae0d6906699c4cede9f340_JaffaCakes118
-
Size
1.3MB
-
Sample
240714-w6x7wavdnd
-
MD5
470341f382ae0d6906699c4cede9f340
-
SHA1
7190106144a3f3e8fa5bf1f374329e949660b853
-
SHA256
cfc15cf897edd6e74a4676aa1811d693fee4fe424f04d2a4d3b5675f5198dccd
-
SHA512
eff1a4c31dee3ff420a402c8ee5af39264ca4896c57b758183385e6a60320de10b69e1ac6655a3930767935cb97d708452e9ad9b49e9355bb2a0d4bf30e12ed3
-
SSDEEP
24576:6ITTHF+2gHp3qN4viAdq7ONHeHQRTaW6vREgS++8uhvjAVVyIzJ0qbrvxsg3g:66TKHp304Tq7FwRyREgSJph6l0JAg
Malware Config
Targets
-
-
Target
470341f382ae0d6906699c4cede9f340_JaffaCakes118
-
Size
1.3MB
-
MD5
470341f382ae0d6906699c4cede9f340
-
SHA1
7190106144a3f3e8fa5bf1f374329e949660b853
-
SHA256
cfc15cf897edd6e74a4676aa1811d693fee4fe424f04d2a4d3b5675f5198dccd
-
SHA512
eff1a4c31dee3ff420a402c8ee5af39264ca4896c57b758183385e6a60320de10b69e1ac6655a3930767935cb97d708452e9ad9b49e9355bb2a0d4bf30e12ed3
-
SSDEEP
24576:6ITTHF+2gHp3qN4viAdq7ONHeHQRTaW6vREgS++8uhvjAVVyIzJ0qbrvxsg3g:66TKHp304Tq7FwRyREgSJph6l0JAg
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-