General
-
Target
757f1b9fc6bd9bbc6580f914d5aa2522_JaffaCakes118
-
Size
512KB
-
Sample
240726-yn95ts1ekm
-
MD5
757f1b9fc6bd9bbc6580f914d5aa2522
-
SHA1
2cdc2f2162d15de902d48db9923c54099c818ec8
-
SHA256
87023f898385c88304645e2b44eb82d0b9983b6a3bede25a4d9fe9d27a3275d4
-
SHA512
896561722d48e04cd376e449ab4460aaa84387e497d92e768da12cc0772525e248e8f8ce2bc026735b6c78fc4f799c39f3d88bd3e54767771ac39ac68cda9c75
-
SSDEEP
12288:tuRyiQtCTn1Q81mDhcM72doMggOkCs7t1N8m82CbRU6W9sD:uyiECTn1QfNjygtkKRlU6W9I
Malware Config
Targets
-
-
Target
757f1b9fc6bd9bbc6580f914d5aa2522_JaffaCakes118
-
Size
512KB
-
MD5
757f1b9fc6bd9bbc6580f914d5aa2522
-
SHA1
2cdc2f2162d15de902d48db9923c54099c818ec8
-
SHA256
87023f898385c88304645e2b44eb82d0b9983b6a3bede25a4d9fe9d27a3275d4
-
SHA512
896561722d48e04cd376e449ab4460aaa84387e497d92e768da12cc0772525e248e8f8ce2bc026735b6c78fc4f799c39f3d88bd3e54767771ac39ac68cda9c75
-
SSDEEP
12288:tuRyiQtCTn1Q81mDhcM72doMggOkCs7t1N8m82CbRU6W9sD:uyiECTn1QfNjygtkKRlU6W9I
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-