General

Target: 7efa0ee3115b407da1e8bfbce0e6ee6b_JaffaCakes118
Size: 2.8MB
Sample: 240801-dr4r1ayfpp
MD5: 7efa0ee3115b407da1e8bfbce0e6ee6b
SHA1: 44563b3b80116d157203f78667a86a86851cac80
SHA256: c05d0d4b38cb3b3af19b6ee56084287621673149cff4159d8e2d89bc03133efe
SHA512: 70df543dc1f95a2ab94d7385baf2109283152f556b1e1071177de4d00993a9d0494117936fc08914c170931794b6123b749b1b1664f018148f9db59890016786
SSDEEP: 49152:woTbV6TymfUs7wDsvfHkP6bOsgAFod4EUB5vZkg44R5D23tlErhfBSAAHJkdD4IK:5V6Ty/y4svQ6bOsbJvvZkl4R5D2dlfA6
Tasks

Static task: static1

Behavioral task: behavioral1
  Sample: 7efa0ee3115b407da1e8bfbce0e6ee6b_JaffaCakes118.exe
  Resource: win7-20240729-en

Behavioral task: behavioral2
  Sample: 7efa0ee3115b407da1e8bfbce0e6ee6b_JaffaCakes118.exe
  Resource: win10v2004-20240730-en
Malware Config

Targets

Target: 7efa0ee3115b407da1e8bfbce0e6ee6b_JaffaCakes118
Size: 2.8MB
MD5: 7efa0ee3115b407da1e8bfbce0e6ee6b
SHA1: 44563b3b80116d157203f78667a86a86851cac80
SHA256: c05d0d4b38cb3b3af19b6ee56084287621673149cff4159d8e2d89bc03133efe
SHA512: 70df543dc1f95a2ab94d7385baf2109283152f556b1e1071177de4d00993a9d0494117936fc08914c170931794b6123b749b1b1664f018148f9db59890016786
SSDEEP: 49152:woTbV6TymfUs7wDsvfHkP6bOsgAFod4EUB5vZkg44R5D23tlErhfBSAAHJkdD4IK:5V6Ty/y4svQ6bOsbJvvZkl4R5D2dlfA6
Score: 10/10

Signatures
- Ardamax main executable
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate the software on the system.
- Drops file in System32 directory