General
-
Target
5b3c60291d7daae82c27055e31c05cdc_JaffaCakes118
-
Size
1.9MB
-
Sample
240719-krxf9awara
-
MD5
5b3c60291d7daae82c27055e31c05cdc
-
SHA1
d9e45a3212f727d208ce7d5b36ff25e8f6975e6a
-
SHA256
e1ab90e9336d3b0c72f34ba890275796f10ec112e5bf02dc3508c73e382cccb1
-
SHA512
05a6084af02d1496ed9a5bf521a2c316cf2e97592715f520dd32196578756542994adb515d7a70e64610373c60e650caaaebc50883e1283d6781ac6d5fefb919
-
SSDEEP
49152:YBTJcVKbVSCh8OqY7njZGx1IWWM44jkTPWgtel+sll/Gx3uIvEeI8LKPM:6cVKwCZh2BkrLtQH/GxuIseXGPM
Static task
static1
Behavioral task
behavioral1
Sample
5b3c60291d7daae82c27055e31c05cdc_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
5b3c60291d7daae82c27055e31c05cdc_JaffaCakes118.exe
Resource
win10v2004-20240709-en
Malware Config
Targets
-
Target
5b3c60291d7daae82c27055e31c05cdc_JaffaCakes118
-
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-