General
-
Target
7ea9c07770240661820a43c283f4b8ad_JaffaCakes118
-
Size
1.2MB
-
Sample
240801-bph2eaycqb
-
MD5
7ea9c07770240661820a43c283f4b8ad
-
SHA1
e345c61bca763bb1afb6c106bfcb5275e3efa2be
-
SHA256
75a4feadca2da8b21e765d5b65376c5f692b4f2adcb28253999815aa2d648bd2
-
SHA512
7e6ef50c133f668e5f79fac93b591f04e2504fb7cfda07a3b341efe3725ff7ce2e578f345735b12a331d0c0e8dc9fc926dbabf868de3837f4a8869d4b0fc933d
-
SSDEEP
24576:RITTHF+2gHp3qN4viAdq7ONHeHQRTaW6vREgS++8uhvjAVVyIzJ0qbrvxsg:R6TKHp304Tq7FwRyREgSJph6l0J
Malware Config
Targets
-
-
Target
7ea9c07770240661820a43c283f4b8ad_JaffaCakes118
-
Size
1.2MB
-
MD5
7ea9c07770240661820a43c283f4b8ad
-
SHA1
e345c61bca763bb1afb6c106bfcb5275e3efa2be
-
SHA256
75a4feadca2da8b21e765d5b65376c5f692b4f2adcb28253999815aa2d648bd2
-
SHA512
7e6ef50c133f668e5f79fac93b591f04e2504fb7cfda07a3b341efe3725ff7ce2e578f345735b12a331d0c0e8dc9fc926dbabf868de3837f4a8869d4b0fc933d
-
SSDEEP
24576:RITTHF+2gHp3qN4viAdq7ONHeHQRTaW6vREgS++8uhvjAVVyIzJ0qbrvxsg:R6TKHp304Tq7FwRyREgSJph6l0J
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-