General
-
Target
92afde5e1da52f169e91a94109537dbe_JaffaCakes118
-
Size
1.8MB
-
Sample
240813-mjjxasybpc
-
MD5
92afde5e1da52f169e91a94109537dbe
-
SHA1
a5dc7682adbd7da14b9acc8f923ca00dc2321a1e
-
SHA256
e595fb87749e5bf28cfdfe7172a82f4c7fab5d4c443c2d4a7080847c0fed3e18
-
SHA512
8b54bfd86b211a2529963cdded2797f3a1197f9eb393738f663c913d5844740cbe8df8783048d8208626aa5e5a55c68ae042a86a6b0ba2029a9ceb05cafc2e1a
-
SSDEEP
49152:zH0RTHNpx0QZj0m4UgdCTx9GgY26h0bEWE9LYOw9+N8viTwMXj:zHCu4n4ZqLGgB6h0i9LYOw9u8aTwMXj
Static task
static1
Behavioral task
behavioral1
Sample
92afde5e1da52f169e91a94109537dbe_JaffaCakes118.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
92afde5e1da52f169e91a94109537dbe_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
Target
92afde5e1da52f169e91a94109537dbe_JaffaCakes118
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-