General
-
Target
8c075d528f02e7c94193796d42f4d596_JaffaCakes118
-
Size
626KB
-
Sample
240811-z9l6kataqg
-
MD5
8c075d528f02e7c94193796d42f4d596
-
SHA1
03039ac299d7bcf9253ac1412cdd7f7659fb5c0c
-
SHA256
6b2077106846bc0b70bc937c5cf90284d732c20d9d6f199295688c593534d08d
-
SHA512
27689a2176059c20d742d68405f82662d0cab1393c2cac260ae20aeec6f7bd4144a57b3367eed12ddefdc0b7dc56ebb9e1be19216ce3e62c4eb6ca885affbaee
-
SSDEEP
12288:BOE4EjBJ2SDax4D4sYOFDm1nHL5RuJPxAbii+pLmsAUWuVDnodNHL7g6G40NQzD1:UtEVJ2v4nYO2FqmZ+ZKHuVQNHIF40q
Malware Config
Targets
-
-
Target
8c075d528f02e7c94193796d42f4d596_JaffaCakes118
-
Size
626KB
-
MD5
8c075d528f02e7c94193796d42f4d596
-
SHA1
03039ac299d7bcf9253ac1412cdd7f7659fb5c0c
-
SHA256
6b2077106846bc0b70bc937c5cf90284d732c20d9d6f199295688c593534d08d
-
SHA512
27689a2176059c20d742d68405f82662d0cab1393c2cac260ae20aeec6f7bd4144a57b3367eed12ddefdc0b7dc56ebb9e1be19216ce3e62c4eb6ca885affbaee
-
SSDEEP
12288:BOE4EjBJ2SDax4D4sYOFDm1nHL5RuJPxAbii+pLmsAUWuVDnodNHL7g6G40NQzD1:UtEVJ2v4nYO2FqmZ+ZKHuVQNHIF40q
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
ASPack v2.12-2.42
Detects executables packed with ASPack v2.12-2.42
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-