General

  • Target

    825be5cd244f49f4fc92a44a419bbeb4_JaffaCakes118

  • Size

    497KB

  • Sample

    240802-axs1xavelp

  • MD5

    825be5cd244f49f4fc92a44a419bbeb4

  • SHA1

    51d002d00dc353398051b15b1adb9fcb6e5c6994

  • SHA256

    e33be1e701ecd90a1a3a74e2f37763cb4270f737b262c40aa68ab8949ca64016

  • SHA512

    21f9c8a31a595ed54064381b2c1161c39f723e92444edb3a70d46024b7ab564257321cca1fc8e17e84e1e19a6c26782e4c69d40beb80e5ca47f498dd449c1ea5

  • SSDEEP

    12288:r7wD68w/QNPFyRpLmg87cjsEJphoGr4WhFtIifuP:HQNtyfT84XJ4GcethU

Malware Config

Extracted

Credentials

  • Protocol:
    ftp
  • Host:
    ftp.drivehq.com
  • Port:
    21
  • Username:
    donbugti
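
The extracted configuration above is a ready-made network IOC: the sample ships its logs to a commercial file-hosting service over cleartext FTP, so the account name, host and port are all visible on the wire. The following Python is an added example (not part of the report, not the sandbox vendor's tooling) that parses the client side of an FTP control channel, for instance lines pulled from a pcap with `tshark -Y ftp.request -T fields -e ftp.request.command -e ftp.request.arg`, and flags a session that matches the extracted credentials or that uploads anything at all. The transcript, the password and the uploaded file name in the block are constructed placeholders.

```python
"""Detect FTP exfiltration matching the extracted Ardamax config.

Added example; not part of the original report. Parses client-side FTP
control-channel lines and flags sessions that match the extracted
credentials (host/port/account) or that upload files. The transcript at
the bottom is constructed; the password and file name are placeholders.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Network IOCs from the "Extracted > Credentials" section of this report.
IOC_HOST = "ftp.drivehq.com"
IOC_PORT = 21
IOC_USER = "donbugti"

# FTP commands are 3-4 letters, optionally followed by an argument.
CMD_RE = re.compile(r"^(?P<cmd>[A-Za-z]{3,4})(?:\s+(?P<arg>.*))?$")


@dataclass
class FtpSession:
    dst_host: str
    dst_port: int
    user: Optional[str] = None
    uploads: List[str] = field(default_factory=list)


def parse_session(dst_host: str, dst_port: int, client_lines: List[str]) -> FtpSession:
    """Reduce the client side of one control connection to what matters for
    triage: the account used and the files pushed to the server."""
    s = FtpSession(dst_host.lower(), dst_port)
    for raw in client_lines:
        m = CMD_RE.match(raw.strip())
        if not m:
            continue
        cmd = m.group("cmd").upper()
        arg = (m.group("arg") or "").strip()
        if cmd == "USER":
            s.user = arg
        elif cmd in ("STOR", "APPE"):  # upload / append: data leaves the host
            s.uploads.append(arg)
    return s


def assess(s: FtpSession) -> List[str]:
    """Findings for one session. A full IOC match needs host, port and
    account; a host-only match still deserves a look, since the same
    public FTP service can be reused by other samples and accounts."""
    findings: List[str] = []
    if s.dst_host == IOC_HOST and s.dst_port == IOC_PORT and s.user == IOC_USER:
        findings.append("ioc_match: Ardamax exfil account from this report")
    elif s.dst_host == IOC_HOST:
        findings.append("ioc_partial: same exfil host, different account")
    if s.uploads:
        findings.append(f"exfil_upload: {len(s.uploads)} file(s) sent over cleartext FTP")
    return findings


# Constructed client-side transcript (not captured from the sample).
CONSTRUCTED_SESSION = [
    "USER donbugti",
    "PASS <redacted-placeholder>",
    "TYPE I",
    "PASV",
    "STOR keylog_placeholder.html",
    "QUIT",
]

if __name__ == "__main__":
    session = parse_session("ftp.drivehq.com", 21, CONSTRUCTED_SESSION)
    for finding in assess(session):
        print(finding)
```

Because the protocol is cleartext, the same parser applied to a full capture also recovers the password the report withholds; treat it as a credential to report to the hosting provider, not something to reuse.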

Targets

    • Target

      825be5cd244f49f4fc92a44a419bbeb4_JaffaCakes118

    • Ardamax

      A keylogger first seen in 2013.

    • Ardamax main executable

    • Checks computer location settings

      Looks up the country code configured in the registry, most likely as a geofence check that decides whether the sample runs on this victim.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Enumerates installed software by reading the Uninstall key entries in the registry.

    • Drops file in System32 directory
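
The behaviour signatures above are each a rule over the sample's host activity, and the two "dropped" ones depend on order: a file only counts as dropped if the trace shows it being written before it is executed or loaded. The Python below is an added example (not the report's or the sandbox vendor's code) that replays a behaviour trace and emits the same signature names. The trace format is constructed for illustration, the registry paths used for the location check are assumptions about where a sample reads the configured country (the report only says "the registry"), and the Uninstall key is the one the report names; the file names are placeholders.

```python
"""Replay a behaviour trace and emit the signature names used in this report.

Added example, not tooling from the report or the sandbox vendor. The trace
is a constructed list of dicts with a "type" field, loosely mirroring the
API events a sandbox records. LOCATION_KEYS are assumptions about where a
sample reads the configured country; UNINSTALL_KEY is the key the report
names. Ordering matters: a process or module only counts as "dropped" if
its file was created earlier in the same trace.
"""
from typing import Dict, List, Set

Event = Dict[str, str]

# Assumed locations a sample might read the configured country from.
LOCATION_KEYS = (
    r"\control panel\international\geo\nation",  # per-user GeoID
    r"\control\nls\locale",                       # system default locale
)
# Key the report names for installed-software enumeration.
UNINSTALL_KEY = r"\microsoft\windows\currentversion\uninstall"
SYSTEM32 = "c:\\windows\\system32\\"


def signatures(trace: List[Event]) -> Set[str]:
    """Return the set of signature names triggered by the trace."""
    hits: Set[str] = set()
    dropped: Set[str] = set()  # lower-cased paths written during the trace
    for ev in trace:
        kind = ev["type"]
        if kind == "FileCreate":
            path = ev["path"].lower()
            dropped.add(path)
            if path.startswith(SYSTEM32):
                hits.add("Drops file in System32 directory")
        elif kind in ("RegOpenKey", "RegQueryValue"):
            key = ev["key"].lower()
            if any(k in key for k in LOCATION_KEYS):
                hits.add("Checks computer location settings")
            if UNINSTALL_KEY in key:
                hits.add("Checks installed software on the system")
        elif kind == "ProcessCreate":
            if ev["image"].lower() in dropped:
                hits.add("Executes dropped EXE")
        elif kind == "LoadLibrary":
            if ev["module"].lower() in dropped:
                hits.add("Loads dropped DLL")
    return hits


# Constructed trace; directory and file names are placeholders.
CONSTRUCTED_TRACE: List[Event] = [
    {"type": "RegQueryValue",
     "key": r"HKCU\Control Panel\International\Geo\Nation"},
    {"type": "RegOpenKey",
     "key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SomeApp"},
    {"type": "FileCreate", "path": r"C:\Windows\System32\placeholder_dir\placeholder.exe"},
    {"type": "FileCreate", "path": r"C:\Windows\System32\placeholder_dir\placeholder.dll"},
    {"type": "ProcessCreate", "image": r"C:\Windows\System32\placeholder_dir\placeholder.exe"},
    {"type": "LoadLibrary", "module": r"C:\Windows\System32\placeholder_dir\placeholder.dll"},
]

if __name__ == "__main__":
    for name in sorted(signatures(CONSTRUCTED_TRACE)):
        print(name)
```

Replaying the same trace in reverse drops the two "dropped" signatures, which is the point of tracking creation order: an unrelated process that already existed on disk must not be reported as a dropped payload.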

MITRE ATT&CK Enterprise v15

Tasks