General
-
Target
ca12f1a669920830f8f645ed301022d5_JaffaCakes118
-
Size
1.3MB
-
Sample
240830-c4brbavcmq
-
MD5
ca12f1a669920830f8f645ed301022d5
-
SHA1
7c0ecc2d07b81d82f69930f7ec9c57082f216f9d
-
SHA256
02fe433ee42741b05763156b493b046a8679f9ce0cd918f1c30812e076666972
-
SHA512
0533d767bf2bcab83cc7e1f3c1865209260855ccb1f1f12643d821858d369c6fec436212772dd5ee67013db0a7bfcb987d80c0fe515ccae98e90ab16a60e1481
-
SSDEEP
24576:HZxTEp53kGkJK73JjZ6ff8EtJk9HbqbMSpAIXOixBiE66HVqZNF6YA00VRT2nt:HXTEp53Nv79Z6ff8EtqBb5uBiEqNhA0R
Static task
static1
Behavioral task
behavioral1
Sample
ca12f1a669920830f8f645ed301022d5_JaffaCakes118.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
ca12f1a669920830f8f645ed301022d5_JaffaCakes118.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
Target
ca12f1a669920830f8f645ed301022d5_JaffaCakes118
Score
10/10
-
Ardamax main executable
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in System32 directory
-