General
-
Target
5e6cd8cec96b93c7a9499194d96669a6_JaffaCakes118
-
Size
788KB
-
Sample
240720-bde6daygqq
-
MD5
5e6cd8cec96b93c7a9499194d96669a6
-
SHA1
be4daf9214ff5525ecfdfbb24bc720334b993b86
-
SHA256
1e745820f8786b6233a56f3c4ad4b692955c28690ecc78aee80398049e9ec9d4
-
SHA512
80fd63b68ac37971ec29781f0fb01d5a74f50d49710bdcd7f098f7dc2afebc6a25e3de004edd465b3a271f67d817e771907864f568410af5686aee756096cd0c
-
SSDEEP
12288:mj8yFwpEZQllqnm5sz7bNzqD9/uXJZ6L3lcODZbUWg0y6OkCosbjX5P6FKtcC:IKOZGll+EoZSjZgl6OkCouj5PXcC
Malware Config
Extracted
Protocol: ftp- Host:
ftp.drivehq.com - Port:
21 - Username:
adinaionescu75
Targets
-
-
Target
5e6cd8cec96b93c7a9499194d96669a6_JaffaCakes118
-
Size
788KB
-
MD5
5e6cd8cec96b93c7a9499194d96669a6
-
SHA1
be4daf9214ff5525ecfdfbb24bc720334b993b86
-
SHA256
1e745820f8786b6233a56f3c4ad4b692955c28690ecc78aee80398049e9ec9d4
-
SHA512
80fd63b68ac37971ec29781f0fb01d5a74f50d49710bdcd7f098f7dc2afebc6a25e3de004edd465b3a271f67d817e771907864f568410af5686aee756096cd0c
-
SSDEEP
12288:mj8yFwpEZQllqnm5sz7bNzqD9/uXJZ6L3lcODZbUWg0y6OkCosbjX5P6FKtcC:IKOZGll+EoZSjZgl6OkCouj5PXcC
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-