General
-
Target
5c25bf68835574d720d2f2419e51bcce_JaffaCakes118
-
Size
582KB
-
Sample
240719-qtbv8atdjq
-
MD5
5c25bf68835574d720d2f2419e51bcce
-
SHA1
58ffea6265516a94f272e84936d220b669008e70
-
SHA256
ba196926ca35e7e7144fdbe2a26be51f5570f938d92e8811cffb560b5f9002aa
-
SHA512
535c5ad44eae7955861523fb3a7f2a50a7779615aa6749132ae8ef8019ce1007c2a6f2f959d267d1ca6e30cade98b57bb433de1d161d3a44dec49b85693eb38b
-
SSDEEP
12288:TIaJ7TvUUqFoo1ZT0Mvth2SWOUTwFXHWTtRWpDaOywedq8ZUu:h7Tvvquo1ZA+tdWMWTy5Noq8Zf
Malware Config
Targets
-
-
Target
5c25bf68835574d720d2f2419e51bcce_JaffaCakes118
-
Size
582KB
-
MD5
5c25bf68835574d720d2f2419e51bcce
-
SHA1
58ffea6265516a94f272e84936d220b669008e70
-
SHA256
ba196926ca35e7e7144fdbe2a26be51f5570f938d92e8811cffb560b5f9002aa
-
SHA512
535c5ad44eae7955861523fb3a7f2a50a7779615aa6749132ae8ef8019ce1007c2a6f2f959d267d1ca6e30cade98b57bb433de1d161d3a44dec49b85693eb38b
-
SSDEEP
12288:TIaJ7TvUUqFoo1ZT0Mvth2SWOUTwFXHWTtRWpDaOywedq8ZUu:h7Tvvquo1ZA+tdWMWTy5Noq8Zf
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-