General
-
Target
8e65d6d540b21578a3e7dcc9b8ced083_JaffaCakes118
-
Size
525KB
-
Sample
240812-mlck1axbrm
-
MD5
8e65d6d540b21578a3e7dcc9b8ced083
-
SHA1
4268121ae81999209b40a22b08a88ffd798813b3
-
SHA256
cd7909386958ccc1303c504277817d14773eee82d2212310a6e4e1e0ec31b129
-
SHA512
ab740187e63bbcb4ee751e3715069672699f898812cd65641a6ba15b21e776175b18093e5c406e306bda803e3b6dc4754eae44b8d52bde4b65e80a339d0fe5d9
-
SSDEEP
12288:7XzpU6FQBlyn42b7nMARIW5jATjkxndFDae4EVrnLufiYLsFjqD0f:XpU8sy42bjAW5+j0nnjVrnC0jf
Malware Config
Targets
-
-
Target
8e65d6d540b21578a3e7dcc9b8ced083_JaffaCakes118
-
Size
525KB
-
MD5
8e65d6d540b21578a3e7dcc9b8ced083
-
SHA1
4268121ae81999209b40a22b08a88ffd798813b3
-
SHA256
cd7909386958ccc1303c504277817d14773eee82d2212310a6e4e1e0ec31b129
-
SHA512
ab740187e63bbcb4ee751e3715069672699f898812cd65641a6ba15b21e776175b18093e5c406e306bda803e3b6dc4754eae44b8d52bde4b65e80a339d0fe5d9
-
SSDEEP
12288:7XzpU6FQBlyn42b7nMARIW5jATjkxndFDae4EVrnLufiYLsFjqD0f:XpU8sy42bjAW5+j0nnjVrnC0jf
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-