General
-
Target
90e00c195b93d7d4ebfa9e0c66942452_JaffaCakes118
-
Size
1.2MB
-
Sample
240813-al9jhstend
-
MD5
90e00c195b93d7d4ebfa9e0c66942452
-
SHA1
7d5112ac3881d6987651b80f405fd7349f6f8699
-
SHA256
40bfd35ea3949dfa0e266a0edb60064ece9262f0962ae70f63325fe2dfa3f969
-
SHA512
801af95582ebf478bc54c71fc95e6a7c95fb4aef362c6ea4c2248f4aee6e6ebdaea16212a665a640a99b1593584a4f86ef748c875f05f5734ab313c77b640d52
-
SSDEEP
24576:wGaUTAHSf98qRIRWTGCig0FzLc9bz1hq8WcLoC6BXAL6phYE/W0aOj9+hyI98znd:wGrTjKdRWyL2z1hDLe6LIWwWoJU98znd
Malware Config
Targets
-
-
Target
90e00c195b93d7d4ebfa9e0c66942452_JaffaCakes118
-
Size
1.2MB
-
MD5
90e00c195b93d7d4ebfa9e0c66942452
-
SHA1
7d5112ac3881d6987651b80f405fd7349f6f8699
-
SHA256
40bfd35ea3949dfa0e266a0edb60064ece9262f0962ae70f63325fe2dfa3f969
-
SHA512
801af95582ebf478bc54c71fc95e6a7c95fb4aef362c6ea4c2248f4aee6e6ebdaea16212a665a640a99b1593584a4f86ef748c875f05f5734ab313c77b640d52
-
SSDEEP
24576:wGaUTAHSf98qRIRWTGCig0FzLc9bz1hq8WcLoC6BXAL6phYE/W0aOj9+hyI98znd:wGrTjKdRWyL2z1hDLe6LIWwWoJU98znd
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-