General
Target: a2294b64cb57c6742d9be34a8afe63f0_JaffaCakes118
Size: 1.4MB
Sample: 240817-mc71jszhmf
MD5: a2294b64cb57c6742d9be34a8afe63f0
SHA1: 6931b962a083967ec3a5d8061ef4e2da59bf1a32
SHA256: 47cb75ca66c4aeaa6e5ef5e8e1df74cb7f81ed12493037eec2481529302c96ba
SHA512: 3848028c33368b153f7b8a889e69d714a8f1e53f7af9db660259f19bbdb1a703e0b355b2916366f7310c843ec74739a954269f6dd1993229cb0982b9ee413316
SSDEEP: 24576:DZxT8+pym4V6eAsXwATbriJbxFjD7J07eWok5C85757fNbV+2djLYRgYH:DXT8+v5sgWiJbTDdyZok5C85V7fxVz+F
Static task: static1
Behavioral task: behavioral1
Sample: a2294b64cb57c6742d9be34a8afe63f0_JaffaCakes118.exe
Resource: win7-20240708-en
Malware Config
Targets
Target: a2294b64cb57c6742d9be34a8afe63f0_JaffaCakes118
Ardamax main executable
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
Drops file in System32 directory