General
-
Target
77d70848cc2c430a4f0da7df0b20d1fe_JaffaCakes118
-
Size
561KB
-
Sample
240727-meyjwsthkq
-
MD5
77d70848cc2c430a4f0da7df0b20d1fe
-
SHA1
0a9b9cbd88f98b69052b400eb87e52bfb917bc6a
-
SHA256
89f6197fbdf2f0e8c29a1fa9723f46c6425e9875f7b98646dd66673f685aec5b
-
SHA512
2ca7fbe3fc95d029edbd55a4d065caa1e8e3e28a05d6432997cee62af92e1d1e92c8565c9f10d2d7d8a5778b81bbfb6b0ab1744ba2e201f1581139eb506cd894
-
SSDEEP
12288:sfhMLX5hRgJ6vuvbaibW4IPi5lE+FulOTJiedQjGE7DMYsl4uQuw:wMLpGbvbaiSPKlaAJPdQjGIDMBl4uo
Malware Config
Targets
-
-
Target
77d70848cc2c430a4f0da7df0b20d1fe_JaffaCakes118
-
Size
561KB
-
MD5
77d70848cc2c430a4f0da7df0b20d1fe
-
SHA1
0a9b9cbd88f98b69052b400eb87e52bfb917bc6a
-
SHA256
89f6197fbdf2f0e8c29a1fa9723f46c6425e9875f7b98646dd66673f685aec5b
-
SHA512
2ca7fbe3fc95d029edbd55a4d065caa1e8e3e28a05d6432997cee62af92e1d1e92c8565c9f10d2d7d8a5778b81bbfb6b0ab1744ba2e201f1581139eb506cd894
-
SSDEEP
12288:sfhMLX5hRgJ6vuvbaibW4IPi5lE+FulOTJiedQjGE7DMYsl4uQuw:wMLpGbvbaiSPKlaAJPdQjGIDMBl4uo
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-