General
-
Target
a2ae224ba231f5206e8f12a8badb4ce0_JaffaCakes118
-
Size
836KB
-
Sample
240817-qkd9zsxdnf
-
MD5
a2ae224ba231f5206e8f12a8badb4ce0
-
SHA1
be9914d308862878b132e1c851e4fb140ce81454
-
SHA256
ca490cc24b617bd602b13549b3cf889c5fa5c1b6a236e2bac27d5ae6d43cb926
-
SHA512
3a269167217a4a01db5d6bf7a03994261849f05abd88c734e143f08966842df990d975ed795b5e78134705307debe552b35c4559bd9b1eeb00f8dd5dc13557ee
-
SSDEEP
12288:7oi+G3zhi5AXD13vZ9MWNAuHw3iVreGvvoGl7hQCsovJqw5+A6F238gcF:kiVDhiSZR9LnHw38rhvRZu1ovgw5Z8gC
Malware Config
Targets
-
-
Target
a2ae224ba231f5206e8f12a8badb4ce0_JaffaCakes118
-
Size
836KB
-
MD5
a2ae224ba231f5206e8f12a8badb4ce0
-
SHA1
be9914d308862878b132e1c851e4fb140ce81454
-
SHA256
ca490cc24b617bd602b13549b3cf889c5fa5c1b6a236e2bac27d5ae6d43cb926
-
SHA512
3a269167217a4a01db5d6bf7a03994261849f05abd88c734e143f08966842df990d975ed795b5e78134705307debe552b35c4559bd9b1eeb00f8dd5dc13557ee
-
SSDEEP
12288:7oi+G3zhi5AXD13vZ9MWNAuHw3iVreGvvoGl7hQCsovJqw5+A6F238gcF:kiVDhiSZR9LnHw38rhvRZu1ovgw5Z8gC
Score10/10-
Ardamax
A keylogger first seen in 2013.
-
Ardamax main executable
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-